Your  Take:  Open  source 

Sabre  Holdings  CTO  Robert  Wiseman  (left)  says  open  source  software  helps  him  meet  uptime  requirements  on 
a  network  where  “it's  always  peak  hour  somewhere."  Page  20.  CIO  Randall  Spratt  explains  how  open  source 
helps  McKesson  wring  costs  out  of  the  IT  solutions  it  delivers  to  healthcare  customers.  Page  25. 


Early  look  at  the 
latest  Microsoft 
Windows  Server 

Microsoft  this  week 
will  distribute  a  pre¬ 
beta  ofWindows 
Server  2008  R2  and 
highlight  the  soft¬ 
ware’s  virtualization 
capabilities,  integra¬ 
tion  with  Windows  7 
and  other  features. 
Page  8. 


Visa  charges  into 
virtualization 

The  credit  card  giant 
is  looking  to  save 
money  as  it  spreads 
virtualization  across 
its  data  centers. 
Page  12. 


Juniper  deflection 

Juniper's  EX  8208 
data  center  switch  is 
shipping  late,  but  the 
company  looks  to 
deflect  bad  news. 
Page  14. 


Tech  challenges  for 
Obama 

Columnist  Scott 
Bradner  shares  his 
technology  wish  list 
for  the  incoming 
Obama  administra¬ 
tion.  Page  16. 
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Hard  times 
prompting 
IT  shops  to 
renegotiate 

BY  JON  BRODKIN 

Saving  money  is  paramount  for 
CIOs  in  today’s  economy  and  re¬ 
negotiating  vendor  contracts 
may  be  one  of  the  best  ways  to 
chop  expenses. 

Convincing  vendors  to  lower 
prices  when  you  have  a  signed 
contract  is  a  difficult  process,  yet 
six  out  of  10  CIOs  are  trying  just 
that,  according  to  a  survey  of  50 
CIOs  by  the  CIO  Executive 
Board. 

It  may  seem  hard  to  believe  a 
vendor  would  give  up  revenue 
willinglyThey  can  be  fairly  con¬ 
tentious  discussions,”  AMR  Re¬ 
search  analyst  David  Brown  says. 

But  it  is  a  competitive  market. 
“The  leverage  I  have  is  that  at 
some  point,  that  contract  is  going 
to  come  to  an  end, and  I’m  going 
to  be  more  likely  to  switch  ven¬ 
dors  when  someone  is  not  will¬ 
ing  to  be  flexible,”  says  Thomas 
Catalini,a  member  of  the  Society 
for  Information  Management 
(SIM)  and  vice  president  of  tech¬ 
nology  at  insurance  brokerage 
William  Gallagher  Associates  in 
Boston.The  brokerage  is  trying  to 
renegotiate  about  a  dozen  con¬ 
tracts  with  IT  vendors  including 
See  Contracts,  page  44 
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Ready  to  rock!  ^  l 

Taking  our  ciie  from  two  of  the 

hottest  video  games  (Rock  Band  2 

and  Guitar  Hero  World  Tour),  we  chose  holiday  gifts 

that  rocked  the  house.  Whether  a  hot  new  notebook 

or  a  wicked  cool  iPod  speaker  system,  these  gifts  all 

have  one  thing  in  common  —  they  rocked 

during  our  tryouts.  Page  34  ££ 


So  sit  back,  relax  and  enjoy  the  music  as 
you  peruse  this  year's  guide.  For  an  encore, 
head  online  to  www.nwdocfinder.com/7433 
to  see  Our  holiday  gift  suggestions  that  all 
will  make  you  feel  like  a  rock  star. 


STEVEN  VOTE 


Your  potential.  Our  passion. 

Microsoft 


IftC 


Introducing  Microsoft®  SQL  Server‘2008.  Harness  the  power  of  the  data  explosion. 
There's  been  an  explosion  in  the  amount  of  data,  and  the  number  of  data  formats, 
in  enterprises  in  recent  years.  With  new  SQL  Server  2008,  you  can  harness  the 
untapped  power  of  that  data  explosion  by  integrating,  managing,  and  delivering 
that  power  to  your  end  users.  One  example:  SQL  Server  2008  integrates  every  kind 
of  data  you  have,  from  documents  to  multimedia,  from  spatial/geographic  data 
to  XML.  See  the  power  you  can  give  end  users  at  SQLServerEnergy.com 

•^b\. 

Microsoft 
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Ready  to  rock! 

Taking  our  cue  from  two  of  the  hottest  video  games 
(Rock  Band  2  and  Guitar  Hero  World  Tour),  we  chose 
holiday  gifts  that  rocked  the  house.  Whether  a  hot 
new  notebook  or  a  wicked  cool  iPod  speaker  system, 
these  gifts  all  have  one  thing  in  common  —  they 
rocked  during  our  tryouts.  Page  3 


So  sit  back,  relax  and  enjoy  the  music  as  you  peruse 
this  year’s  guide.  For  an  encore,  head  online  to 
www.nwdocfinder.com/7433  to  see  our  suggestions  for 
holiday  gifts  that  will  make  you  feel  like  a  rock  star. 
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NETWORK  INFRASTRUCTURE  TECH  UPDATE 


8  Microsoft  touts  virtualization. 

10  Defining  security  myths,  truisms. 

12  Visa  charges  into  virtualization. 

14  EX  8208:  better  late  than  . . . 

14  Once  thought  safe,  WPA  Wi-Fi 
encryption  is  cracked. 

17  Opinion  Howard  Anderson:  CIOs 
face  additional  pressures. 


30  Going  green 
with  BPM  tools. 

32  Mark  Gibbs: 

Wolverine  Internet 
radio  is  almost  good. 

32  Keith  Shaw: 

Lessons  learned  in  the 
holiday  gift  guide. 


Broadband  bonanza 

Broadband  subscribers  all  over  the 
world  are  getting  more  for  their  money. 
The  costs  of  cable,  fiber  and  DSL  sub¬ 
scriptions  are  all  dropping, 
and  at  the  same  time  speeds 
are  increasing,  according  to 
market  research  company 
Point  Topic.  DSL  has  seen  the 
largest  average  worldwide 
price  drop,  20%  during  the 
first  three  quarters  of  2008. 
Broadband  users  paid  $66.75 
on  average  for  a  subscription 
in  the  first  quarter  and  $53.32 
during  the  third. 


Say  it  ain’t  so:  sinking  iPhone 
demand? 

Apple  probably  will  cut  production  of 
its  hot-selling  iPhone  3G  handset  as 
much  as  40%  in  this  quarter,  an  analyst 
warned,  saying  the  expected  change 
signals  weaker  demand  for  consumer 
electronics.The  prediction  drew  criti¬ 
cism  from  Apple  observers,  however, 
who  said  the  situation  isn’t  that  grim. 


Nokia,  Egenera  announce  layoffs 

To  read  the  hype,  you’d  think  all  was 
hunky-dory  in  the  worlds  of  wireless 
and  virtualization,  but  that  apparently  is 
not  the  case.  Nokia  is  cutting  600  jobs, 
mainly  in  sales  and  marketing,  but  also 
in  long-term  R&D.  Egenera,  meanwhile, 
is  cutting  87  people,  according  to  a 
Boston  Globe  story,  and  shifting  its 
sales  focus  to  include  more  reliance  on 
hardware  vendors  to  sell  its  software. 


A  snapshot  of  how  networkworld.com 
visitors  voted  on  a  key  networking  issue 
last  week: 


Should  the  Morris  worm  writer  be 
pardoned? 


APPLICATION  SERVICES 

46  Opinion  ’Net  Buzz:  ’Net  teaches 
print  another  lesson. 

SERVICE  PROVIDERS 


Total  voters  for  this  poll:  417 

Vote  and  discuss:  www.nwdocfinder.com/7440 
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5  Catch  up  on  the 
latest  online  stories, 
blogs,  newsletters 
and  videos. 
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Morris,  20  years  later 

Re:  Morris  worm  turns  20:  Look  what  it's 
done  (www.nwdocfinder.com/7421): 

While  it’s  true  that  the  Morris  worm  generat¬ 
ed  the  first  major  mainstream-media  coverage 
of  the  Internet,  it’s  a  wild  exaggeration  to  say  as 
Steve  Bellovin  does,  that  “Nobody  had  ever 
heard  of  the  Internet  unless  you  were  a  com¬ 
puter  scientist.”  At  that  time,  there  were  mil¬ 
lions  of  people  in  academia  and  among 
recent  college  graduates  who  were  not  com¬ 
puter  scientists  but  knew  what  the  Internet 
was,  and  a  significant  number  of  them  had 
regular  access  to  (at  least)  Internet  e-mail.  1,  a 
junior  in  college,  majoring  in  history  who 
never  took  a  computer  class  in  his  life  and 
couldn’t  program  his  way  out  of  a  paper  bag, 
was  one  of  those  people. 

Greg  Andrew 

Discuss  at  www.nwdocfinder.com/7422 

Re:  Where  is  Robert  Morris  now?  (www.nw 
docfinder.com/7423): 

Great  piece  on  the  Morris  worm;  thanks!  I 
would  add  that  the  focus  also  expands,  in 
addition  to  profit,  to  include  a  new  form  of 
warfare,  as  when  Russia  has  attacked  various 
countries  via  denial  of  service  on  a  very  big 
scale. 

Robert  Carter 

Discuss  at  www.nwdocfinder.com/7424 

Deep  data  digging 

Re:  False  scares  (www.nwdocfinder.com 
/7425): 

Don’t  bet  against  a  motivated  foe  doing 
data  recovery  As  one  example  of  what  can 
be  done  with  paper,  see  this  BBC  piece  on 
the  Archimedes  Palimpsest  (www.nwdoc 
finder.com/7432),  where  researchers  are 
using  multispectral  imaging  to  recover  text 
from  a  13th-century  book  that  had  been 
scrubbed  clean  and  reused. 

If  you’re  serious  about  document  destruc¬ 
tion, you  shouldn’t  put  up  with  any  less  than  a 
heap  of  slag  or  a  lump  of  molten  plastic  as  the 
output  of  your  efforts. 

Edward  Vielmetti 

Discuss  at  www.nwdocfinder.com/7425 
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For  more  information  on  code  scanning 
see  www.nww.com/codescan 


Twitterpation 

Re:  Twitter  squatting  (www.nwdocfinder 
.com/7426): 

I  understand  that  squatting  can  be  an 
annoyance, and  that  the  cost  to  the  squatter  is 
essentially  null  compared  to  the  annoyance 
to  the  person  whose  brand  is  squatted. 

But  Twitter  IDs  are  not  quite  like  domain 
names.  In  fact,  I  studiously  ignore  tweets  from 
users  with  corporate  brand  names,  since  I 
assume  those  aren’t  human-generated. 

I’d  be  more  concerned  about  squatters 
going  after  people’s  names.  And  that  really 
would  be  a  concern  only  if  they  not  only 
squatted  but  used  those  IDs  to  undermine  the 
person’s  reputation.  And,  as  others  have  point¬ 
ed  out,  this  is  just  as  much  a  problem  with  any 
other  venue  where  you  create  an  account  that 
claims  to  be  associated  with  a  person,  for 
example,  a  Web  mail  or  social-network 
account  —  or  even  signing  a  name  on  a  com¬ 
ment.  Like  this  one.  But  I’m  really  me,  I  swear! 

Daniel  Tunkelang 
Discuss  at  www.nwdocfinder.com/7426 

Risk  mgmt.  in  down  times 

Re:  How  you  can  use  identity  management 
to  decide  where  to  invest  your  hard-earned 
cash  (www.nwdocfinder.com/7427): 

We’ve  seen  firsthand  that  companies  that 
embraced  risk  management  as  a  discipline 
were  better  prepared  to  manage  the  IT  impli¬ 
cations  of  the  economic  downturn.  It’s  pretty 
interesting  —  now,  there  seems  to  be  even 
more  focus  on  managing  IT  risk,  particularly 
the  risk  associated  with  identity  and  access.  As 
layoffs  loom  large  and  companies  are  acquir¬ 
ing  or  being  acquired,  they  have  an  even 
greater  need  to  manage  and  control  the  “insid¬ 
er”  risk.  I  have  a  feeling  we  haven’t  seen  the  last 
headline  about  disgruntled  employees  com¬ 
mitting  sabotage  or  selling  data  for  profit  on 
the  Internet. 

It  makes  eminent  sense  for  organizations  to 
conduct  identity  risk  audits  now  to  better 
anticipate  the  risk  of  turbulent  times  while  pro¬ 
tecting  their  corporate  integrity  We’re  recom¬ 
mending  companies  start  with  an  “identity 
inventory”  to  gain  visibility  and  control  over 
the  access  privileges  of  their  employees,  con¬ 
tractors  and  partners.  Taking  this  step  in 
advance  of  downsizing,  merger  or  acquisition 
activity  can  pay  big  dividends  by  enabling 
companies  to  better  navigate  large-scale  termi¬ 
nations  or  transitions.  As  simple  as  it  sounds, 
tracking  and  monitoring  “who  has  access  to 
what”  gives  employers  a  big  advantage  in  the 
risk-management  game  —  and  helps  minimize 
those  insider-sabotage  headlines. 

Mark  McClain 
Founder  and  CEO ;  SailFbint 
Discuss  at  www.nwdocfinder.com/7428 

E-mail  letters  to  jdix@nww.com  or  send  them 
to  John  Dix,  editor  in  chief,  Network  World ,  492 
Old  Connecticut  Path,  Framingham,  MA  01 701- 
9002.  Please  include  phone  number  and  address 
for  verification. 
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COOL  TOOLS: 


TECH  UPDATE  2.0: 


Holiday  gift  guide 

Check  out  Keith  Shaw’s 
favorite  tech  gifts  for 
the  upcoming  holiday 
season,  take  a  special, 
behind-the-scenes  look 
at  the  rock-star  photo 
shoot,  and  watch  Keith 
play  Rock  Band  2  with  a 
bunch  of  his  "friends.” 

www.nwdocfinder.com/7444 


Better  search  via 
text  analytics 

Searching  for  meaning¬ 
ful  data  in  an  enterprise 
environment  is  still  not 
easy,  but  as  Lexalytics 
Jeff  Catlin  shows,  new 
search  techniques  are 
here  to  help. 

www.nwdocfinder.com/7445 


White  noise 

Having  trouble  getting 
to  sleep  while  on  the 
road?The  handy  White 
Noise  app  plays  a  vari¬ 
ety  of  background 
noises  to  help  Mr. 
Sandman  come  visit. 

www.nwdocfinder.com/7446 
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Reduce  data  breach  risks  with 
secure  USB  flash  drives 


I BLOGOSPHERE 


■  An  open  letter  to  to  President-elect 
Obama.  Richard  Stiennon  writes  in  his 
Stiennon  on  Security  blog:  “I  am  writing  to 
alert  you  to  the  serious  action  that  is 
required  to  secure  the  information  systems 
of  the  country  that  you  will  soon  lead. To  say 
that  the  U.S.  government  computing  infra¬ 
structure  —  in  all  of  its  various  branches, 
departments,  and  offices  —  is  vulnerable  is 
an  understatement.  While  the  GAO  and 
OMB  have  been  doing  what  they  can  to  push 
security,  they  are  facing  staunch  resistance 
to  change.  Anyone  in  the  private  sector  who 
has  tried  to  implement  change  in  security 
practices  has  encountered  the  resistance 
that  is  now  in  evidence  within  your  govern¬ 
ment.  Only  through  executive  dictate  can 
real  change  happen.  Here  are  my  ten  sug¬ 
gestions  for  immediate  action  to  secure  the 
United  States  against  the  threat  of  espi¬ 
onage,  random  attacks,  terrorist  attacks 
against  cyber  infrastructure,  and  all-out 
cyber  warfare." 

www.nwdocfinder.com/7436 

■  IT  and  tough  times.  Glenn  Weadock 
writes  in  his  On  Windows  Server  2008  blog: 
"So,  the  stock  market  has  tanked,  may  tank 
further,  and  the  gurus  (not  that  they’re  always 
right  by  any  means)  seem  to  feel  that  the 
United  States  is  looking  at  a  two-year  reces¬ 
sion,  if  not  longer.  Feeling  a  bit  philosophical, 

I  started  wondering  how  much  the  financial 
meltdown  will  impact  infotech.The  net  effect 
seems  blurry  at  this  time,  partly  because 
companies  put  money  into  IT  if  they  perceive 
that  it  will  improve  productivity,  and  you  can 
argue  that  improving  productivity  is  just  as 
important  in  lean  times  as  in  prosperous 
ones.  When  your  bottom  line  is  being  pum- 
meled,  you  look  for  ways  to  economize;  and 
although  early  implementations  of  PC  tech¬ 
nology  did  not  necessarily  bring  productivity 
gains  (my  1995  book,  Exploding  the  Computer 
Myth,  was  all  about  that  thesis),  many  com¬ 
panies  have  by  now  figured  out  how  to  use  IT 
to  run  leaner,  meaner,  and  smarter.  (In  some 
cases,  just  leaner  and  meaner.)”  www.nw 
docfinder.com/7437 

■  Healthcare  providers  are  scrambling 
to  become  PCI  compliant.  Jamey  Heary 
writes  in  his  Cisco  Security  Expert  blog:  "PCI 
compliance  has  been  a  focus  for  retail  com¬ 
panies  for  years,  but  it  is  only  recently  that 
healthcare  providers  are  diving  into  the  PCI 
pool.  Healthcare  providers,  like  hospitals, 
doctor's  offices,  clinics,  etc.,  are  just  starting 
to  appreciate  the  sometimes  massive 
amount  of  credit  card  data  that  is  being 
transmitted  and  stored  on  their  networks  and 
hosts."  www.nwdocfinder.com/7438 


Tech  exec:  Imagine  yourself  in  this  position. 
It’s  Monday  morning,  and  your  task  is  to  go 
to  your  lead  executive  to  let  him  know  that 
an  ambitious  employee  who  wanted  to  get 
some  work  done  over  the  weekend  just 
reported  that  her  USB  flash  drive  was  either 
lost  or  stolen  from  her  desk.  The  drive  con¬ 
tains  downloaded  medical  and  financial 
records  for  1,200  patients  with  HIVAIDS  and 
other  medical  conditions.The  data  stored 
on  the  drive  is  not  password-protected  or 
encrypted  and  includes  the  patients’  names, 
medical  record  numbers,  billing  codes,  the 
facilities  where  the  office  visits  occurred 
and  other  billing  information.lt  also  includ¬ 
ed  the  patients’  Medicaid  or  Medicare  num¬ 
bers,  which  can  indicate  their  Social  Se¬ 
curity  numbers  or  those  of  their  spouses. 
What  a  way  to  start  the  week,  right? 

The  unfortunate  thing  is  that  this  scenario 
really  happened.  In  July  2008,  an  administrator 
at  the  Harris  County  (Texas)  Hospital  District 
admitted  losing  the  USB  drive  with  all  that 
sensitive  information.  She  simply  wanted  to 
catch  up  on  her  work  at  home  over  the  week¬ 
end,  and  now  the  county  department  has  a 
major  data  breach  —  as  well  as  HIPAA  viola¬ 
tions  —  on  its  hands.  Could  something  like 


this  happen  in  your  office?  Very  likely  yes.  In 
recent  years,  USB  flash  drives  have  prolife¬ 
rated;  their  cost  and  convenience  make  them 
extremely  popular  with  office  workers. You, 
yourself,  probably  have  a  handful  of  them  in 
your  desk  drawer.  I  do. 
www.nwdocfinder.com/7429 

Wireless:  The  last  few  newsletters  have 
examined  industry  efforts  to  improve  over-the- 
air  uptime  in  wireless  LANs.  But  the  RF  por¬ 
tion  of  the  network  is  just  part  of  the  equa¬ 
tion. The  access  point  infrastructure  and 
WLAN  controllers  require  high-availability 
schemes  to  ensure  that  WLANs  perform  com¬ 
parably  to  Ethernet.  As  noted  last  week,  if  an 
access  point  fails,  one  of  two  things  is  likely  to 
happen,  depending  on  the  vendors  architec¬ 
ture:  A  nearby  access  point  will  increase  its 
power  output  to  fill  in  the  gap,  or  the  network 
will  route  around  the  failure  to  another 
access  point,  likely  using  a  mesh  setup.  One 
question  this  raises  is:  Can  you  keep  an  access 
point  (and  its  WLAN  controller  connection) 
from  failing  in  the  first  place  so  as  not  to 
cause  a  ripple  effect  of  increased  loads  and 
congestion  in  nearby  access  points? 
www.nwdocfinder.com/7430 
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Cisco  boosts  edge  router, 
targets  SMB  market 

Cisco  has  unveiled  an  enhanced  enterprise  edge  router  with  a  higher-speed 
processor  and  launched  yet  another  initiative  to  better  penetrate  the  small- 
to-midsize  business  market.  Cisco’s  ASR  1000  Series  20Gbps  Embedded 
Services  Processor  (ESP-20G)  doubles  the  service  processing  rate  of  the  ASR  1000, 
which  debuted  in  March  and  has  250  customers. 


The  processor  offers  application  perform¬ 
ance  and  control  features  including  opti¬ 
mization  for  such  business  applications  as 
ERP  and  CRM,  and  tools  to  help  customers 
prioritize  or  block  more  than  60  applica¬ 
tions  including  Skype  and  instant  messag¬ 
ing.  Cisco’s  ESP-20G  for  the  ASR  1000 
Series  is  priced  at  $50,000.  Separately, 

Cisco  announced  a  $100  million  invest¬ 
ment  in  product  development,  services 
and  support  for  businesses  with  fewer 
than  100  employees.  Cisco  formed  the 
small-business  technology  group  to  exe¬ 
cute  the  strategy,  led  by  Senior  Vice  Pres¬ 
ident  Ian  Pennell.  All  new  small-business 
offerings  will  be  named  Cisco  Small 
Business  or  Cisco  Small  Business  Pro,  with 
Pro  products  designed  for  customers  with 


more  sophisticated  technology  needs. 

www.nwdocfinder.com/7441 

AT&T  snaps  up  Wayport  for  Wi-Fi  boost. 

AT&T  expanded  the  scope  of  its  Wi-Fi  busi¬ 
ness  last  week  by  purchasing  Wayport, 
which  specializes  in  providing  wireless-net- 
work  management  for  several  big  corpora¬ 
tions,  including  Four  Seasons  hotels  and 
McDonald’s  restaurants. The  $275  million 
acquisition  will  expand  AT&T’s  Wi-Fi  foot¬ 
print  to  roughly  20,000  locations  in  the 
United  States  and  more  than  80,000  loca¬ 
tions  around  the  world.  AT&T  customers 
will  have  access  to  all  the  newly  added  Wi¬ 
Fi  hot  spots,  the  company  says,  and  will  be 
able  to  connect  for  free  using  their  AT&T- 
enabled  smartphones  and  laptops.  In  addi¬ 


tion  to  gaining  more  Wi-Fi  hot  spots,  AT&T 
will  take  over  Wayport ’s  Wi-Fi  management 
infrastructure  to  provide  enterprise  cus¬ 
tomers  with  managed  Wi-Fi  services. 

www.nwdocfinder.com/7442 

U.S.  tech  wages  fall  in  the  third  quar¬ 
ter.  Wages  for  U.S.  technology  jobs  fell  sig¬ 
nificantly  in  the  third  quarter  compared 
with  the  same  period  last  year,  the  IT 
staffing  company  Yoh  Services  reported 
last  week.  Early  in  the  third  quarter,  average 
wages  increased  by  1.86%  compared  with 
2007;  but  average  wages  ended  up  drop¬ 
ping  6.21%  below  2007  levels  as  the  quar¬ 
ter  ended. Yoh  expects  softness  in  wages  to 
continue  through  the  end  of  the  year,  but 
the  situation  may  stabilize  in  early  2009. 

Hot  technology  job  titles  in  the  third  quar¬ 
ter  included  Java  developer,  Oracle  data¬ 
base  administrator,  .Net  developer,  SAP 
consultant  and  firmware/embedded  engi¬ 
neer.  Yoh  arrives  at  its  numbers  by  taking  a 
sample  of  the  temporary  technology  labor 
pool  at  about  1,000  companies  in  such  sec¬ 
tors  as  aviation,  engineering,  IT,  manufac¬ 
turing,  scientific,  telecommunications  and 
utilities.  Wages  in  the  telecom,  healthcare 
and  aviation  sectors  remained  steady  in 
the  third  quarter, Yoh  said. 
www.nwdocfinder.com/7443 
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Microsoft  touts  virtualization 


BY  JOHN  FONTANA 

Microsoft  last  week  distributed  a  pre-beta  of 
Windows  Server  2008  R2  to  a  select  group  of 
testers,  and  highlighted  the  software’s  virtual¬ 
ization  capabilities,  integration  with  Windows  7 
and  other  features. 

The  company  has  moved  to  align  R2,  which 
briefly  was  referred  to  as  Windows  Server  7, 
and  the  Windows  7  client  operating  system, 
although  Microsoft  officials  would  not  say  if 
they  would  ship  together. 

Users  who  adopt  both,  however,  will  get  new 
security  networking  and  other  features,  even 
though  some  of  those  will  require  network 
upgrades,  such  as  implementing  IPv6. 

The  pre-beta  of  R2,  which  is  a  64-bit-only 
platform,  was  given  to  attendees  of  the  com¬ 
pany’s  WinHEC  and  TechEd  EMEA  (Europe, 
Middle  East  and  Africa)  conferences  last 
week.  The  pre-beta  comes  a  week  after 
Microsoft  distributed  Windows  7  to  atten¬ 
dees  at  its  Professional  Developers  Con¬ 
ference  (PDC). 

The  company  said  a  more  widely  distributed 
R2  beta  would  come  next  year  alongside  the 
Windows  7  beta. Two  weeks  ago,  Microsoft  said 
at  its  PDC  that  the  Windows  7  beta  would  ship 
in  early  2009. 

Bill  Laing,  Microsoft’s  vice  president  of 
Windows  Server  and  systems,  however,  said 
after  the  tandem  release  of  the  two  betas  that 
Windows  7  and  R2  would  not  necessarily  share 
the  same  ship  date. 

Microsoft  observers  have  been  theorizing 
that  Windows  7  could  ship  as  early  as  mid-  to 
late  2009.  Laing  said  last  week  Microsoft  still 
plans  to  ship  R2  in  2010. 

Microsoft  also  said  customers  should  begin 
thinking  about  migrating  from  Windows  Server 
2000,  which  will  not  run  on  newer  hardware, 
especially  multicore  systems. 

The  R2  beta’s  integration  with  Windows  7 
was  high  on  the  server’s  feature  list.  Also  on 
that  short  list  were  virtualization,  which 
includes  the  Live  Migration  feature  pulled 
from  the  first  release  of  Microsoft’s  Hyper-V 
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server  virtualization  technology;  manage¬ 
ment  features,  such  as  reduced  power  con¬ 
sumption;  scalability  that  includes  support 
for  256  processors;  and  an  improved  Web 
platform  around  Internet  Information 
Server  7.0. 

The  Windows  7  integration  points  include  a 
laundry  list  of  features  including  DirectAccess, 
which  lets  Windows  7  PCs  connect  directly  to 
intranet-based  resources  without  a  VPN  con¬ 
nection  being  needed. 

While  DirectAccess  could  eliminate  a  VPN 
infrastructure,  users  will  have  to  support  IPv6 
and  IPSec  on  their  network  to  access 
intranet  resources.  Only  a  handful  of  compa¬ 
nies  are  running  IPv6. The  U.S.  Department  of 
Defense  has  said  it  is  adopting  IPv6,  but  has 
yet  to  roll  it  out. 

IPv4  networks  could  provide  translation  ser¬ 
vices  to  IPv6,  Microsoft  said.  R2  will  support  the 
Teredo  Server, Teredo  Relay  ISATAP  Router  and 
6to4  router  transition  technologies.  Six  months 
after  R2  ships,  Microsoft  will  add  its  Forefront 
Intelligent  Access  Gateway  to  the  list. 

A  company’s  network  does  not  have  to  be 
entirely  IPv6  for  DirectAccess  to  work,  Laing 
said.The  client  nodes  and  some  of  the  network 
nodes  for  such  tasks  as  authentication  have  to 
support  IFV6.  Users  will  need  to  support  IPSec, 
however,  he  added.  “DirectAccess  is  a  com¬ 
pelling  feature,  but  there  is  infrastructure  work 
you  need  to  do  and  it  will  take  time  to  roll  this 
out,”  he  said. 

Other  points  of  Windows  7  integration  with 
R2  include  Branch  Caching,  which  caches  fre¬ 
quently  used  content  on  a  branch-office  net¬ 
work;  a  read-only  Distributed  File  System  to 
improve  branch-office  security;  power  man¬ 
agement  via  Group  Policy  BitLocker  drive 
encryption  (referred  to  as  BitLocker  To  Go)  for 
USB  drives;  and  an  Offline  Folders  feature  for 
mobile  users. 

Unique  to  F£2  is  support  for  Live  Migration,  a 
much  anticipated  feature  add-on  to  Hyper-V 
that  will  help  Microsoft  match  similar  tools 
already  available  from  VMware  and  open 
source  hypervisor  platforms.  Live  Migration  is 
key  for  availability  and  scalability  in  the  Virtual 
Desktop  Infrastructure  (VDI)  support  in  R2. 

Another  key  VDI  component  is  Remote 
Desktop  Services  (RDS),  formerly  called 
Terminal  Services,  which  allows  users  out¬ 
side  the  intranet  to  connect  to  desktops  and 
applications  running  inside  virtual 
machines  on  a  server. 

RDS  includes  the  Remote  Desktop  Con¬ 
nection  Broker,  an  upgrade  to  Windows 
Server’s  Session  Broker;  and  an  administra¬ 
tive  set-up  tool  for  server-based  virtualized 
desktops  and  traditional  Terminal  Services 
remote  desktops. 

Microsoft  is  building  its  VDI  infrastructure  on 
the  back  of  the  Connection  Broker,  Hyper-V 
and  Virtual  Machine  Manager. 


RDS  fits  in  a  loose  grouping  with  Microsoft’s 
other  virtualized  desktop  software  that  is  part 
of  its  popular  Microsoft  Desktop  Optimi¬ 
zation  Pack,  which  includes  App-V  and 
Enterprise  Desktop  Virtualization. 

Microsoft  also  is  working  on  application  vir¬ 
tualization  for  Windows  Server  2008,  but  that 
will  not  be  part  of  R2.Also  not  in  the  release 
is  technology  acquired  when  Microsoft 
bought  Calista  Technologies  that  delivers  3D 
graphics,  such  as  Vista  Aero  Glass,  and  multi- 
media  support  to  virtualized  desktops. 

Microsoft  will  continue  with  server 
announcements  next  week,  when  it  launches 
its  servers  for  small  and  midsize  businesses  — 
Windows  Small  Business  Server  2008  and 
Windows  Essential  Business  Server  2008.  ■ 


InBrief 

AMD  lays  off  500  staff 

Advanced  Micro  Devices  plans  to  lay  off 
500  employees,  representing  3%  of  its  cur¬ 
rent  staff.  Battered  by  a  resurgent  Intel  and 
product  delays,  AMD  has  struggled  to  turn 
a  profit  in  recent  quarters.  Last  month,  the 
chip  maker  reported  a  third-quarter  loss  of 
$67  million  on  revenue  of  $1.8  billion  —  the 
company’s  eighth  consecutive  quarterly 
loss.  AMD  executives  hope  to  recover  from 
their  financial  troubles,  counting  on  new  ATI 
graphics  chips  and  the  company’s  upcoming 
Shanghai  server  processor  to  turn  things 
around.  In  addition,  AMD  last  month 
reached  an  agreement  to  spin  off  its  manu¬ 
facturing  arm  to  Abu  Dhabi's  Advanced 
Technology  Investment  Co.  in  a  deal  valued 
at  $2.1  billion.  Earlier  this  year,  AMD 
announced  plans  to  lay  off  around  1,600 
staff,  about  10%  of  the  company's  workforce 
at  the  time. 

Barracuda  bites  into  backup 
and  disaster  recovery 

Security  appliance  vendor  Barracuda 
Networks  has  bought  BitLeap,  which  sells 
managed  backup  and  disaster-recovery 
services,  as  well  as  the  LeapServ  appli¬ 
ance,  which  automates  backups  over  a 
LAN.  Financial  details  of  the  acquisition 
were  not  released,  but  Barracuda  said  that 
it  plans  to  retain  all  of  BitLeap’s  employ¬ 
ees.  BitLeap’s  products  will  be  renamed, 
with  the  managed  service  now  called  the 
Barracuda  Backup  Service  and  LeapServ 
now  renamed  the  Barracuda  Backup 
Server.  Based  in  Carlisle,  Pa.,  BitLeap  has 
a  staff  of  16. 
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The  award-winning  SonicWALL  Network 
Security  Appliance  (NSA)  Series  is  the  first 
to  use  a  Reassembly-free  Deep  Packet 
Inspection”  (RFDPI)  engine  in  combination 
with  a  multi-core  specialized  security 
microprocessor  to  deliver  gateway  anti- 
virus,  anti-spyware  and  intrusion  prevention 
at  gigabit  speed,  Now  you  don’t  have  to 
compromise  security  in  exchange  for  network 
throughput.  Whether  you’re  running  a  small 
business  or  a  complex  enterprise,  the  newly 
expanded  NSA  Series  has  the  right  solution 
for  your  network  security  needs.  In  addition 
to  the  enterprise  ready  E-Class  NSA  Series, 
SonicWALL  is  introducing  the  new  NSA  240  for 
branch  offices  and  the  SMB.  The  NSA  Series 
has  the  enterprise-class  features  you’d 
expect  including  Application  Firewall, 
state  sync,  and  single  sign-on.  And  it 
combines  with  the  SonicWALL  Global 
Management  System  to  centrally  manage 
thousands  of  appliances.  Reliable,  multi¬ 
functional  threat  protection  now  comes  in  one 
powerful  package,  making  it  your  best  path 
to  combat  viruses,  spyware  and  intrusions. 
Learn  more  about  our  full  line  of  SonicWALL 
NSA  solutions  at  www.sonicwall.com/fast 
or  call  1.888.557.6642 
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Defining  security  myths,  truisms 


BY  ELLEN  MESSMER 

They  are  etched  into  the  conventional  wis¬ 
dom  of  IT  security  but  are  these  1 1  articles  of 
faith  (to  some)  actually  wise,  or  are  they  essen¬ 
tially  myths?  We’ve  assembled  a  panel  of 
experts  to  offer  their  judgments. 

1.  There’s  security  in  obscurity. 

David  Lacey,  Jericho  Forum  founder  and 
researcher:  Yes,  there  is.  Not  everything  is 
known  or  knowable  to  an  attacker.  This 
uncertainty  prevents  and  deters  the  vast 
majority  of  attacks. 

Nick  Selby,  analyst,  The 
451  Group:  No,  there’s  con¬ 
venience  in  security.  Say 
you’re  trying  to  keep  your 
kid  from  discovering  the 
birthday  party  plans  you’re 
making,  and  you  don’t  want 
the  workaday  toil  of  waiting 
until  he’s  asleep  to  discuss 
them.  So  around  the  dinner 
table,  speak  German.  Now, 
for  protection  of  ...  well, 
anything,  it’s  just  not  on. Wherever  you  hide  the 
front  door,  it  is  trivially  discovered, so  recognize 
you  live  in  a  bad  area,  get  a  strong  front  door 
with  good  locks  —  and  don’t  hide  the  key 
under  the  garden  gnome. 

Bruce  Schneier,  crypto  expert,  chief  security 
technology  officer  at  BT:  All  security  requires 
some  secrets:  a  cryptographic  key  for  example. 
But  good  security  comes  from  minimizing  and 
encapsulating  those  secrets. The  more  parts  of 
a  system  you  can  make  public  —  the  less  you 
have  to  rely  on  secrecy  or  obscurity  —  the 
more  secure  your  system  is. 

Peter  Johnson,  global  information  security 
architect,  Lilly  UK:  It  can  slow  down  the  bad 
guys,  but  they  will  find  out  in  the  end.  It  is  like 
closing  the  front  door  at  home,  and  hoping 
nobody  will  try  opening  it. 

John  Pescatore,  Gartner  analyst:  Only  true 
within  the  bounds  of  the  tried  and  true  con¬ 
cept  of  “need  to  know?  For  example,  keeping 
your  password  obscure  is  obviously  a  smart 
strategy  —  only  you  have  a  need  to  know. ... 
Where  this  one  falls  apart  is  when  the  assump¬ 
tion  is  that  obscurity  means  security.  This  is 
never  true  —  and  worse,  when  people  design 
software  with  this  concept  in  mind,  all  kinds  of 
bad  things  happen. 

Richard  Stiennon,  independent  analyst:  I 
was  thinking  about  this  in  terms  of  Web  appli¬ 
cation  firewalls.There  are  70  million  Web  sites 
but  probably  only  a  few  thousand  Web  appli¬ 
cation  firewalls  sold  so  far.  Most  Web  sites  are 
protected  by  the  principal  of  security  through 
obscurity 

Andrew  Yeomans,  vice  president  of  global 
information  security  at  an  investment  bank, 
and  Jericho  Forum  member:  Obscurity  buys 


you  time,  but  doesn’t  last  forever.  Obscurity  can 
add  an  extra  barrier,  and  may  deter  poorly 
resourced  attacks.  But  a  better-resourced 
attacker  may  succeed,  and  as  costs  keep  drop¬ 
ping,  may  only  need  low-cost  resources  in  the 
future.  And  once  obscurity  is  lost,  security  is 
lost  forever,  too. 

2.  Open  source  software  is  more  secure 
than  closed  source. 

Yeomans:  At  least  when  open  source  breaks 
you  get  to  keep  the  pieces,  and  might  be  able 
to  glue  them  together  yourself.  Some  open 
source  software  has  been  well  inspected 
(“many  eyes  make  bugs  shallow”)  but  con¬ 
versely  other  open  source  software  is  relatively 
insecure.  There’s  probably  little  to  choose 
between  comparable  open  and  closed  source 
software  on  pure  security  grounds.  But  open 
source  has  the  advantage  that  you  can  do  a 
code  review  yourself,  or  pay  to  have  one  done, 
and  also  that  it  is  possible  to  fix  problems  your¬ 
self  without  having  to  wait  for  the  vendor. 

Lacey:  They  present  a  different  set  of  risks. 
Neither  is  more  secure  than  the  other. 

Schneier  Secure  software  is  software  that  has 
been  analyzed  by  smart  security  programmers. 
There  are  two  basic  ways  to  get  software  ana- 
lyzed:You  can  pay  people,  or  you  can  make  the 
code  public  and  hope  they  do  it  for  free.  Open 
source  software  has  the  potential  to  be  more 
secure  than  proprietary  software,  but  making 
code  public  doesn’t  magically  make  it  more 
secure. 

Johnson:  At  least  you  know  what  you’re  get¬ 
ting  [with  open  source]  —  but  it  requires  a  dif¬ 
ferent  approach  to  support  it,  particularly  in  a 
regulated  environment. 

Pescatore:  This  one  is 
not  that  far  off,  but  still  not 
true. The  most  secure  soft¬ 
ware  is  software  that  is 
developed  with  the  most 
attention  to  security.  Most 
open  source  develop¬ 
ment  projects  do  not  have 
much  of  a  secure  devel¬ 
opment  life  cycle.  But  I 
do  believe  that  software  John  Pescatore 
developed  knowing  the 
source  will  be  open  is 
more  secure  than  software  developed  that  is 
depending  on  security  through  obscurity. 
Developers  are  less  likely  to  build  in  Easter 
eggs,  back  doors  and  other  stupid  things  when 
they  know  the  source  will  be  widely  viewed. 

3.  Regulatory  compliance  is  a  good  mea¬ 
sure  of  security. 

Lacey:  Yes,  it  is.  I  have  always  found  a  direct 
correlation  between  the  number  of  controls 
implemented  and  the  level  of  incidents  and 
vulnerability. 


Selby:  LOL. 

Stiennon:  Obviously  not.  You  can  be 
extremely  secure  but  not  compliant.  Just  as 
you  can  easily  be  compliant  but  not  secure. 

Schneier  Compliance  is  a  good  measure  of 
the  regulation.  If  the  security  regulation  is  a 
good  one,  then  compliance  improves  security 
If  it’s  a  bad  one,  then  it  doesn’t. 

Yeomans:  It’s  not 

always  a  measure  of 
good  security  Regulatory 
compliance  will  help 
provide  a  reasonable 
base  level  of  security  and 
may  make  it  easier  to  jus¬ 
tify  the  budget  cost.  But  it 
may  sometimes  lead  to  Andrew 

good  security  measures  Yeomans 

being  noncompliant,  and 
compliant  measures  being  more  expensive 
than  is  justified. 

Johnson:  There  are  usually  many  ways  to 
comply  with  a  regulation  —  not  all  are  as 
secure  as  the  others.  Experience  has  shown 
this, and  now  the  regulators  are  starting  to  try  to 
specify  requirements,  which  is  going  to  be  dif¬ 
ficult  as  they  generally  do  not  understand 
security 

Pescatore:  No-brainer, dead  wrong.  Especially 
for  something  like  Sarbanes-Oxley  which  has 
actually  nothing  to  do  with  security  What  we 
tell  clients  is:  Protect  your  business,  protect 
your  customers  and  then  demonstrate  compli¬ 
ance  to  whatever  regimes  you  are  under. 

4.  There's  no  way  to  measure  security 
return  on  investment. 

Lacey:  You  can  assess  many  benefits  accu¬ 
rately  based  on  historical  statistics,  but  not 
every  benefit  is  measurable,  and  future  bene¬ 
fits  cannot  be  guaranteed. 

Schneier  There  are  lots  of  ways  to  measure 
security  ROI,  all  of  them  flawed.  This  doesn’t 
mean  we  should  stop  trying,  however. 

Yeomans:  ROI  makes  a  lot  of  sense  for  a  ven¬ 
dor,  much  less  for  a  purchaser.“Prevention  of  a 
possible  loss”  isn’t  a  gain,  otherwise  I’d  be  rich 
from  not  betting  on  the  lottery!  Some  security 
investments  have  a  measurable  return,  such  as 
more  customers  or  lower  expenses.  For  exam¬ 
ple,  the  security  measures  allowing  safe  online 
banking  and  shopping  has  generated  a  posi¬ 
tive  return  in  those  industries.  But  it  quickly 
became  a  minimum  requirement  for  doing 
business,  especially  for  later  entrants  to  the 
business. 

Pescatore:  There  are  plenty  of  ways  to  mea¬ 
sure  security  ROI,  but  there  are  very  few  times 
when  doing  so  makes  any  business  sense. 
Have  you  ever  seen  a  CEO  ask  what  the  ROI  is 
in  having  a  roof  on  the  building,  locks  on  the 
doors?  The  real  issue  is  tying  security  into  busi¬ 
ness  needs  —  the  business  needs  determine 
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the  ROI. 

Stiennon:  There  is  a  way  today  because  most 
organizations  have  security  budgets  so  they 
can  measure  spend  on  security  and  compare 
it  to  cost  of  improved  security 

5.  The  Russian  cybermafia  is  to  blame  for 
the  worst  online  crime. 

Stiennon:  The  RBN  [Russian  Business 
Network]  is  responsible  for  some  of  the  most 
malicious  malware  and  concerted  attacks. 

Lacey:  Depends  on  what  you  mean  by 
“worst.”  It  certainly  is  responsible  for  a  lot. 

Yeomans:  Traditional  fraud  committed  with 
a  computer  beats  them. 

Schneien  They’re  certainly  to  blame  for  a  lot 
of  it,  but  I  don’t  think  we  know  enough  to  rank 
the  various  criminal  organizations  from  best  to 
worst. 

Pescatore:  This  one  isn’t  far  off,  but  who 
cares?  If  your  house  is  robbed  because  you  left 
the  windows  open,  does  it  matter  where  the 
thief  came  from?  Close  the  vulnerabilities  and 
you  stop  all  kinds  of  cybercriminals. 

Johnson:  I  would  not  like  to  comment  to  pro¬ 
tect  the  safety  of  my  family. 

6:  Antivirus  software  is  essential  to  pre¬ 
vent  malware. 

Lacey:  Yes,  it  is.  Just  try  operating  without  it. 

Yeomans:  Only  on  some  platforms  with 
some  types  of  user.  Some  people  seem  to 
attract  malware,  others  don’t.  And  desktop  sys¬ 
tems  are  more  likely  to  be  hit  than  servers, 
Windows  XP  more  likely  than  Unix  and  Vista. 
The  scale  of  production  of  malware  variants 
also  makes  it  even  more  difficult  for  pure 
antivirus  systems  to  keep  up.  Expect  a  trend 
toward  white-listing  and  sandboxing  tech¬ 
niques  and  away  from  simply  looking  for 
known  bad  stuff. 

Schneien  Antivirus  software  is  necessary  but 
not  sufficient.  I  suppose  if  you  have  a  really 
secure  network,  you  don’t  need  antivirus  soft¬ 
ware  on  the  hosts.  But  why  take  the  risk? 

Johnson:  It  keeps  the 
noise  down  so  you  can 
concentrate  on  the  quiet 
and  dangerous  malware 
that  the  traditional 
antivirus  is  likely  to  miss.  It 
is  still  a  must  certainly  in 
the  Windows  environ¬ 
ment,  but  that  is  starting  to 
be  challenged  based  on 
the  lower  visibility  of  mal¬ 
ware  attacks  today. 

Pescatore:  On  the  desktop,  antivirus  software 
is  primarily  a  removal  tool,  not  a  prevention 
tool.  In  the  e-mail  flow  and  in  Web  security 
gateways,  antimalware  is  a  must. 

Stiennon:  Not  a  myth.  The  myth  would  be: 
Configuration  management  and  a  behavior- 
based  solution  can  protect  you  from  malware. 

7.  Outsourcing  security  is  riskier  than 
staying  in-house. 

Lacey:  Yes,  it  is. You  lose  a  massive  amount  of 


visibility  and  control. 

Schneier.  People  are  risky  whether  they  get  a 
paycheck  signed  by  you  or  one  signed  by  the 
outsourcer.  Focus  on  how  those  people  are 
hired,  how  they  are  trained,  how  they  are 
monitored,  and  how  they  are  audited  —  not 
on  who  signs  their  paycheck.  Often,  an  out¬ 
sourcer  has  more  security  measures  in  place 
than  you  do. 

Johnson:  Operationally  it  makes  little  differ¬ 
ence;  understanding  the  requirement,  setting 
the  expectation, and  then  monitoring  the  com¬ 
pliance  is  the  key 

Pescatore:  If  you  need  24/7  coverage,  choose 
a  solid  managed  security  service  provider,  and 
choose  the  right  services  to  outsource  —  then 
for  three  out  of  four  businesses,  this  myth  is 
dead  wrong. 

Stiennon:  Outsourcers  can  hire  better  people 
and  because  they  see  more  real  bad  things, 
they  are  better  at  reacting. 

Yeomans:  You  can’t  outsource  your  liabilities. 
But  specialists  might  beat  the  local  generalist 
team.  It  all  depends.  A  well-skilled  in-house 
team  will  likely  beat  an  outsourcer,  but  might 
not  be  able  to  provide  24-hour-a-day  cover.  And 
if  an  in-house  team  doesn’t  have  the  skills  or 
time,  the  outsourced  security  will  be  lower  risk. 

8.  Biometrics  is  the  best  authentication. 

Pescatore:  Only  in  the  movies. 

Yeomans:  So  long  as  you  don’t  mind  getting 
it  wrong  quite  often.  False  acceptance  rates 
and  false  reject  rates  will  need  to  be  under¬ 
stood.  Biometrics  fits  some  problems  well,  but 
not  all. 

Lacey:  Depends  what  you  mean  by  “best.”  It’s 
the  ideal  approach  but  not  yet  perfected. 

Johnson:  At  least  you  cannot  forget  it  —  but 
it  is  a  bit  of  a  problem  changing  it  regularly  As 
with  many  solutions,  implementation  is  the  key 

Schneier  Like  all  security  systems,  biomet¬ 
rics  have  value  but  are  not  a  panacea.  There 
are  applications  where  they  make  great 
authentication  systems,  and  there  are  applica¬ 
tions  where  they  do  not  make  sense  at  all. 

Selby:  Have  you  ever  stood  at  a  door  or  a 
laptop  swiping  your  finger  like  an  idiot?  Even 
a  New  York  City  MetroCard  has  a  certain 
cranky  rhythm.  Now  let’s  roll  out  some  kind  of 
biometric-device  lock  to  all  61,000  of  our 
employees.  We’re  safe  now  —  Yes,  Gretchen, 
put  your  eyeball  up  to  the  eyecup.  No,  look 
straight  ahead.  Not  working?  Maybe  you’re  not 
really  Gretchen, ‘Gretchen.’  Hurry  up  —  there 
are  43,600  people  trying  to  get  into  that  bath¬ 
room  door. 

9.  Digital  certificates  identify  a  Web  site. 

Stiennon:  Good  one! 

Yeomans:  When  used  by  good  people  and 
processes.  Public-key  cryptography  is  still 
mathematically  good  to  identify  a  certificate, 
but  it’s  only  as  good  as  the  handling  process  of 
the  certificates. 

Schneier  Digital  certificates  can  identify  a 
Web  site  but  who  ever  looks? 

Lacey:  They  do  if  the  recipient  understands 


how  to  use  them. 

Pescatore:  Extended  validation  SSL  certifi¬ 
cates  do  identify  a  Web  site  for  those  of  us 
using  new  enough  browsers  to  recognize 
them  and  who  have  actually  figured  out  what 
a  green  URL  bar  means  —  still  less  than  half 
the  users. 

Johnson:  But  is  it  the  right  Web  site,  and  a  safe 
one?  How  many  users  know  how  to  use  cer¬ 
tificates,  and  even  if  they  do,  what  about  all  the 
advertisements,  and  other  content  feeds? 

10.  Employees  can  be  trained  to  behave 
securely  and  resist  social  engineering 
online. 

Pescatore:  This  will  be  true  when  gambling 
casinos  go  out  of  business  because  people  no 
longer  fall  for  the  illusion  that  they  might  actu¬ 
ally  win  something. 

Yeomans:  Yes,  but  remember  Abraham 
Lincoln  said,  “You  can  fool  all  of  the  people 
some  of  the  time.”  Education  will  help  people 
detect  many  security  problems,  but  there  will 
always  be  some  that  get  past  even  experts. 

Selby:  Porn  on  the  DCl’s  laptop.  That  kind  of 
says  it  all,  about  employees  behaving  securely 
And  resisting  social  engineering  is  really  hard, 
as  most  people  you’d  want  to  hire  are  socially 
disposed  to  try  to  be,  at  the  very  least,  helpful. 

Schneier  We’re  human, 
and  we  act  as  humans  do. 

Social  engineering  preys 
on  our  inherent  human¬ 
ness.  You  can  train  people 
to  behave  better,  but  you 
will  never  be  able  to  train 
them  not  to  be  human. 

Johnson:  The  saying 
comes  to  mind:  “You  can 
lead  a  horse  to  water,  but 
you  cannot  make  it 
drink.” Training  in  what  to 
do  raises  the  bar,  and  reduces  overall  inci¬ 
dents,  but  training  users  to  think  secure 
should  be  the  goal. 

Lacey:  You  can  achieve  a  substantial  im¬ 
provement  but  people  are  not  foolproof.  See 
my  forthcoming  book,  Managing  the  Human 
Factor  in  Information  Security,  due  out  in 
January  for  details  of  how  to  do  this. 

11.  Don't  worry,  the  government  has  a 
secret  cyber-defense  capability. 

Selby:  In  the  same  drawer  as  its  secret  eco¬ 
nomic  fix-it  plan. 

Lacey:  It  certainly  does.  How  do  you  think 
they  spy  on  other  nations? 

Yeomans:  Of  course  it  does.  But  unless  you 
are  in  a  business  that  cannot  be  allowed  to  fail, 
don’t  depend  on  the  government  to  help  you. 
They  will  have  more  important  people  who 
need  help. 

Pescatore:  Well,  this  is  true  but  the  secret 
strategy  is  to  disconnect  from  the  Internet. The 
strongest  attacks  are  coming  from  cyber  crimi¬ 
nals,  not  governments  or  nations.The  strongest 
defenses  [that  don’t  involve  isolation]  are  seen 
in  private  industry,  not  government  M 
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Visa  charges  into  virtualization 


BY  JIM  DUFFY 

Visa  is  looking  for  a  few  good  people  to 
run  its  next-generation  data  centers. 

In  July,  the  electronic  payments  company 
posted  an  opening  on  the  Data  Center  Job 
Board  for  a  senior  facilities  engineer  in 
Virginia  to  ensure  the  smooth  operation 
and  launch  of  state-of-the-art  data  centers. 

Visa  is  looking  to  mimic  the  2006  launch 
of  its  Operations  Center  Central  (OCC)  pro¬ 
cessing  facility  in  Denver  in  other  data  cen¬ 
ters  around  the  globe.  Visa  is  pushing  the 
envelope  of  virtualization  in  that  Denver 
facility  and  two  others  in  different  loca¬ 
tions. 

“OCC  is  an  ongoing  project,”  says  Andy 
Lewis,  Visa’s  head  of  global  engineering  at 
the  Denver  OCC.  “Just  as  we  complete  one 
aspect  of  it  there’s  going  to  be  something 
else  that  comes  along  that  is  a  further 
enabler  to  reduce  costs  and  increase  relia¬ 
bility  and  availability,  while  managing  risk  at 
the  same  time.  Is  there  ever  an  end  state?” 

Its  business  would  say  no. Visa’s  1.6  billion 
global  card-holders  account  for  more  than 
$3  trillion  in  annual  transaction  volume, 
which  is  growing  at  a  20%  per-year  clip. 
VisaNet,  the  company’s  global  network, 
serves  as  the  backbone  for  roughly  one-sev¬ 
enth  of  American  consumer  expenditure. 

Each  OCC  data  center  will  handle  more 
than  $1  trillion  in  annual  transaction  vol¬ 
ume  and  is  designed  to  meet  the  growing 
volume  of  electronic  credit,  debit  and  pre¬ 
paid  transactions  for  the  foreseeable  future. 
Network,  server  and  storage  virtualization 
are  key  to  enabling  that. 

The  OCCs  run  a  single  synchronized 
image  of  transaction  processing  around  the 
globe.  Each  OCC  runs  multiple  instances  — 
or  virtual  images  —  of  that  single  image 
within  the  data  center.  This  gives  Visa 
“redundancy  within  redundancy”  for  credit 
or  debit  authorization,  and  the  ability  to  fail 
over  to  another  data  center  as  well  as  inter¬ 
nally  within  a  data  center.  Visa  engineers  at 
an  OCC  can  manage  another  data  center 
thousands  of  miles  away  connected  over 
the  company’s  VisaNet  global  payments 
network. 

Virtualization  also  has  helped  Visa  man¬ 
age  costs.  By  allocating  or  replicating  pro¬ 
cessing  cycles  logically,  Visa’s  IT  budget 
increased  only  3%  or  4%,  and  unit  costs 
were  cut  by  about  50%  between  2000  and 
2007,  as  transactions  grew  20%  annually, 
CIO  Michael  Dreyer  said  at  a  Cisco  confer¬ 
ence  last  summer. 

But  Visa  has  taken  a  methodical  approach 
to  virtualization,  and  has  adopted  different, 
discrete  techniques  from  all  of  its  top  ven¬ 
dors,  starting  with  the  IBM  Multiple  Virtual 
Storage  (MVS)  and  Virtual  Machine  (VM) 


mainframes  it’s  used  since  the  mid-1970s. 
The  company  also  uses  virtualization  offer¬ 
ings  from  HP/Tandem,  VMware  and  other 
server,  storage  and  network  vendors,  Lewis 
says,  to  replicate,  partition  and  allocate 
resources  without  purchasing  and  deploy¬ 
ing  additional  physical  hardware  and  soft¬ 
ware  assets. 

But  the  environment  has  to  be  right  for  it, 
Lewis  admits. “Have  we  gone  full  bore  with 
virtualization  in  our  production,  core  sys¬ 
tems?”  Lewis  asks. “No  we  have  not. 

“Virtualization  is  one  of  the  tools  in  a  tool¬ 
box  we  have  that  helps  us  lower  costs, 
increase  utilization,  define  flexibility  among 
resources,”  he  says.  “Consumption-based 
pricing,  and  making  sure  we  have  the  cor¬ 
rect  terms  and  conditions  in  place  with  our 
vendors  for  software  and  hardware  all  play 
a  part  in  this  increased  utilization  and  bet¬ 
ter  value  per  unit  cost.  How  are  you  manag¬ 
ing  assets  and  utilization  of  assets?  We  look 
at  how  you  can  virtualize  to  gain  more 


effective  usage  and  consumption  of  those 
assets.” 

But  there  are  many  inhibitors  to  reaching 
an  “end  state”  of  virtualization  in  and 
between  data  centers,  Lewis  says,  where 
every  resource  can  be  physically  decou¬ 
pled  from  its  host  machine.  Among  them: 

•  Lack  of  standards  —  Lewis  says  this  is 
the  biggest  inhibitor  as  there  are  a  lot  of 
“niche,  proprietary  solutions”  available. 

•  Immaturity  —  Many  of  the  legacy  hyper¬ 
visor  products  are  lower-level  VM  environ- 

See  Visa,  page  19 
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Visa  is  leaning  hard  on  virtualization  across  its  Operations 
Center  Central  (OCC)  data-center  design 
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Modular  power  just  grew  up. 


Infrastructure 


DATA  CENTERS  ON  DEMAND 


Grow  in  bigger  increments 
with  the  Symmetra"  PX  250/500. 

Right-sized,  modular  power  -  the  key  to  virtualizing  with  true  efficiency! 


Principles  of  tnfraStruXure 
High  Density-Ready  Architecture. 


TheSymmtm 
PX 250500 
fits  anywhere, 
with  m  war 
access  required. 
Scalable  in  25rtY 
increments  it 
beasts  a  96% 
efhosncyramg 

(Shorn  mime 
up  asuS  Match 
scnSgutation  fa r 
BOOM  and  6 
mmitss  njn&me.) 


If  you  haven’t  already  virtualized  your  servers,  you’re  probably  seriously 
considering  it.  What  you  may  not  know  about  virtualization  is  this:  modular  power 
is  critical  to  maximizing  the  gains  made  through  virtualization  -  otherwise,  oversized 
power  simply  negates  the  efficiency  advances  you’ve  made. 

Now,  the  modular  power  you  know  from  our  acclaimed  Symmetra  PX  40/80  is 
more  flexible  than  ever  with  the  all-new  Symmetra  PX  250/500.  Featuring  modular 
power  in  larger  increments  of  25kW  up  to  500kW,  it  configures  in  parallel  up  to 
2  MW,  for  enterprises  with  consolidated  servers  that  are  experiencing  growth 
on  a  larger  scale. 

The  PDU  -  modular  power's  newest  frontier. 

In  addition  to  the  Symmetra  PX  250/500,  we  also  introduce  the  first  ever  fully 
modular  PDU.  Our  new  Modular  Power  Distribution  technology  brings  the 
right-sized  scalability  and  flexibility  you  need  when  virtualizing  to  the  power 
distribution  unit  -  right  down  to  the  rack  level.  Scaling  up  or  down  no  longer 
means  powering  down  -  or  attempting  to  forecast  future  use. 


1  Rack  enclosures  that  are  HD-Ready 

2  Metered  PDUs  at  the  rack  level 

3  Temperature  monitoring  in  the  racks 

4  Centralized  monitoring  software 

5  Operations  software  with  predictive  capacity 
management 

6  Efficient  InRow'  cooling  technology 

7  UPS  power  that  is  flexible  and  scalable 


Virtualization  can 
significantly  reduce 
IT  load,  resulting  in 
underloaded  power 
systems.  Improve  your 
efficiency  by  avoiding 
oversizing  and  by 
downsizing  at  the  time 
of  IT  consolidation  with 
our  modular  scalable 
architecture. 


I  power 


I  original 
load 


!i virtualized 
load 


Modular  power  -  for  maximizing  savings  from  virtualization. 


*  ■*  *  the  green  grid'  APC  is  proud  to  be  a  member  of  the  green  grid. 


Start  saving  energy  today  by  virtualizing  -  but  not  without  these  flexible  advances 


in  modular  power  -  the  Symmetra  PX  250/500  and  APC’s  first  ever  Modular 
Power  Distribution  Unit. 


Modular  PDU 


•  Doubles  the  power  in 
half  the  floor  space 

•  60%  smaller,  so  material 
costs  are  reduced 

•  Built  in  advanced  alarms 
and  notification 


Distribution  Module 


•  Plugs  directly 
into  RPP  and 
PDU  products 


•  Hot-swappable  and  safe 


•  Available  in  single  and  3-phase 


High  Efficiency  41 5V 


•  415V  of  power  means  higher  power 
density  in  a  smaller  footprint 

•  Step  down  and  conversion  rates 
provide  more  power  by  routing  at 
higher  voltage 

•  288kW  now  fits  in  1 2”! 


The  following  have  been  tested  and 
work  best  with  InfraStruXure  Solutions. 
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Go  to  www.xcompatible.com  to  learn  more. 


Download  a  FREE  copy  of  APC  White  Paper  #1 26:  "An  Improved 
Architecture  for  High-Efficiency,  High-Density  Data  Centers" 


Visit  www.apc.com/promo  Key  Code  e177w  •  Call  888-289-APCC  x9680  •  Fax  401-788-2797 
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NEWS  ANALYSIS 


EX  8208:  better  late  than . . . 

Juniper’s  data  center  switch  is  bumped  to  the  first  quarter 


BY  JIM  DUFFY 

Juniper  Networks  this  week  will  gloss  over 
the  fact  that  its  chassis-based  data  center 
switch  is  shipping  later  than  planned  by  play¬ 
ing  up  its  total  cost  of  ownership  position. 

The  eight-slot  EX  8208  was  supposed  to  ship 
by  year-end.  Juniper  held  it  up  until  the  first 
quarter  of  2009  to  extend  beta  testing  and  qual¬ 
ity  assurance. 

But  what  Juniper  will  talk  about  is  how  the 
8208,  combined  with  other  Juniper  EX-  and 
MX-series  switches  and  routers,  can  reduce 
TCO  by  as  much  as  52%  in  capital  expendi¬ 
tures,  44%  in  power  and  cooling,  and  as  much 
as  55%  in  data  center  rack  space. 

Juniper,  a  relative  newcomer  to  data  center 
switching  —  its  EX  line  rolled  out  earlier  this 
year  —  says  businesses  are  constrained  by 
legacy  architectures  that  cannot  scale  with 
increased  processing  demand.  Juniper  recom¬ 
mends  adopting  its  switching,  routing  and 
security  platforms, and  Junos  operating  system, 
for  a  more  agile  and  efficient  infrastructure. 

That  may  or  may  not  be  a  tough  sell,  regard¬ 
less  of  a  shipment  delay  Cisco  dominates  the 
data  center  network  infrastructure  with  the 
Catalyst  6500,  and  CIOs  have  a  lot  of  money 
invested  in  it  and  in  training.  But  Cisco  is 
encouraging  customers  to  transition  to  its  new 
Nexus  7000  switch,  and  competitors  see  that  as 
a  ripe  opportunity  to  strike. 

Also,  Juniper  says  it  can  eliminate  an  entire 
layer  of  Catalyst  6500  —  or  any  other  —  aggre¬ 
gation  switches.The  company  claims  a  combi¬ 
nation  of  its  EX-,  MX-  and  SRX-series  products 
can  eliminate  the  aggregation  switching  layer, 
between  the  top-of-rack/end-of-row  and  core 
layers,  in  a  data  center  network  design.  This  is 
accomplished  through  the  virtual  chassis  tech¬ 
nology  in  Juniper’s  EX  4200  Ethernet  switches 
and  the  8208s.  This  combination  can  reduce 
the  number  of  interswitch  links  and  the 
amount  of  equipment  required  in  the  data  cen¬ 
ter  by  as  much  as  half,  Juniper  says. 

A  virtual  chassis  allows  as  many  as  10  of  the 
fixed-configuration  devices  to  be  interconnect¬ 
ed  into  a  480  Gigabit  Ethernet  port  “switch.” 

Analysts  say  it’s  the  hinge  of  Juniper’s  strategy 
“They  want  the  intelligence  of  end  of  row 
switches,  but  you  can’t  afford  to  put  that  intelli¬ 
gence  at  the  top  of  every  rack,”  says  Abner 
Germanow  of  IDC.  “Virtual  chassis  is  a  good 
way  of  balancing  those  two  architectures.” 

The  most  compelling  application,  accord¬ 
ing  to  Forrester  Research’s  Rob  Whiteley,  is 
the  ability  for  data  center  managers  to 
extend  a  tool  such  as  VMware’s  VMotion 
across  physical  boundaries  yet  within  the 
same  logical  Ethernet  domain.  This  allows 
virtual  machine  mobility  between  physical 
data  centers,  he  says. 


“It  hugely  simplifies  your  VMotion  architec¬ 
ture,  and  it  basically  puts  that  intelligence  bur¬ 
den  on  the  network,”Whiteley  says. 

Juniper  also  says  its  SRX  VPN,  firewall  and 
intrusion-prevention  services  gateway  can 
replace  more  than  12  separate  appliances  for 
securing  a  data  center.  This  can  be  managed 
through  a  single  Juniper  Network  and  Security 
Manager  interface  to  achieve  a  25%  reduction 
in  operating  costs,  Juniper  says. 

Major  data  center  vendors  are  pitching  a 


BY  ROBERT  MCMILLAN,  IDG  NEWS 
SERVICE 

Security  researchers  say  they’ve  developed  a 
way  to  partially  crack  the  Wi-Fi  Protected 
Access  encryption  standard  used  to  protect 
data  on  many  wireless  networks. 

The  attack,  described  as  the  first  practical 
attack  on  WPA,  will  be  discussed  at  the 
PacSec  conference  in  Tokyo  this  week. 
Researcher  Erik  Tews  will  show  how  he  was 
able  to  crack  WPA  encryption,  enabling  him 
to  read  data  being  sent  from  a  router  to  a 
laptop  computer.  The  attack  could  also  be 
used  to  send  bogus  information  to  a  client 
connected  to  the  router. 

To  do  this, Tews  and  his  co-researcher  Martin 
Beck  found  a  way  to  break  the  Temporal  Key 
Integrity  Protocol  (TKIP)  key  used  by  WPA,  in 
a  relatively  short  amount  of  time:  12  to  15  min¬ 
utes,  according  to  Dragos  Ruiu,  the  PacSec 
conference’s  organizer. 

They  have  not,  however,  managed  to  crack 


unified  switching  fabric  approach  that  would 
consolidate  legacy  technologies  like  Fibre- 
Channel  over  10  Gigabit  Ethernet.  Standards 
for  those  are  not  expected  until  2010,  but 
some  vendors  are  getting  a  jumpstart  with 
prestandard  implementations. 

It  seems  that  Juniper  won’t  be  one  of  them. 
“Along  with  partners  like  IBM,  we  are  investing 
in  the  standardization  of  Converged  Enhanced 
Ethernet,  which  is  a  requirement  for  delivering 
standards-based  Fibre  Channel  over  Ethernet. 
As  the  standards  get  ratified,  Juniper  will  be 
looking  to  productize  the  technology.  Driving 
down  complexity  in  the  data  center  network 
requires  standardization.” 

For  now,  Juniper  says  its  approach  has  been 
endorsed  by  EX  reseller  and  Cisco  data  center 
competitor  IBM,  and  customers  AOL, 
Commerce  Bank  and  Laboratory  of  Neuro- 
Imaging  at  UCLA. 

Germanow  says  Juniper  will  still  have  to  pass 
muster  with  those  longtime  legacy  users.  “An 
unknown  for  Juniper  is  to  make  the  argument 
for  Junos  across  multiple  product  lines,  and 
whether  or  not  an  enterprise  can  see  the  near- 
term  value  of  that  without  buying  multiple 
products,”  he  says.  “But  the  switch  is  clearly  a 
contender  and  on  the  short  list  of  a  number  of 
data-center  switch  evaluations.”® 


the  encryption  keys  used  to  secure  data  that 
goes  from  the  PC  to  the  router  in  this  particu¬ 
lar  attack. 

Security  experts  had  known  that  TKIP 
could  be  cracked  using  what’s  known  as  a 
brute  force  dictionary  attack.  The  work  of 
Tews  and  Beck  does  not  involve  a  dictio¬ 
nary  attack,  however. 

Tews  and  Beck  first  discovered  a  way  to 
trick  a  WPA  router  into  sending  them  large 
amounts  of  data. This  makes  cracking  the  key 
easier,  but  the  technique  is  also  combined 
with  a  “mathematical  breakthrough,”  that  lets 
them  crack  WPA  more  quickly  than  any  pre¬ 
vious  attempt,  Ruiu  says. 

WPA  is  widely  used  on  Wi-Fi  networks  and  is 
considered  a  better  alternative  to  the  original 
Wired  Equivalent  Privacy  standard. 

A  new  wireless  standard  known  as  WPA2  is 
considered  safe  from  the  attack  developed  by 
Tews  and  Beck,  but  many  WPA2  routers  also 
support  WPA.  ■ 


Once  thought  safe,  WPA 
Wi-Fi  encryption  is  cracked 
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Another  Day,  Another  Crisis? 

The  Common  Denominator  in  Performance  Nightmares 


Just  Another  Day  at  the  Office 

You’ve  probably  had  it  happen,  and 
there’s  nothing  quite  like  it.  First  thing 
Monday  morning,  a  “MUST  be  handled 
before  noon!”  list  of  emergencies  hits  you 
in  the  face: 

•  The  sales  manager  is  squawking 
because  CRM  database  is  slow. 

•  Accounting  is  nagging  because 
email  is  slow. 

•  The  NAS  server  is  averaging 
unacceptably  high  counts 
of  queued  disk  I/Os. 

•  You’re  getting  constant  poor 
performance  alerts  from  the  SAN. 

•  Backups  have  not  been  complet¬ 
ing  during  the  backup  window. 

These  nagging,  ulcer-creating  problems 
are  also  the  subject  of  several  emails  from 
the  CFO  because,  on  top  of  being  bad 
for  company  production,  in  this  time  of 
economic  uncertainty  they’re  also  bad  for 
business.  Work  is  being  slowed  down  and 
the  company  is  losing  money. 

The  Culprit 

The  common  hardware  denominator 
to  all  these  crises  is  the  hard  drive — the 
slowest  link  in  a  computer  system.  If  the 
data  on  a  hard  drive  is  fragmented,  that 
already  dragging  weakest  link  becomes 
agonizingly  slower. 

With  frenetic  requirements  for  continu¬ 
ous  data  access,  enormous  hies  and  huge 
disk  capacities,  fragmentation  is  worse 
than  ever;  hies  in  hundreds  or  even 
thousands  of  fragments  aren’t  at  all  un¬ 
common.  Brett  Taylor,  of  Van  Wert  Medical 
Services,  discovered  just  how  bad  it  can 
get.  “Our  electronic  medical  records 
server  is  a  Microsoft®  SQL  Server®  and 
one  day  it  came  to  a  halt,”  he  says.  “I  did 
everything:  ran  spyware  software,  delet¬ 
ed  numerous  temp  hies,  ran  Windows® 
update,  etc.  but  nothing  would  allow  the 
server  to  run.  It  turned  out  that  the  hard 
drive  was  horribly  fragmented.” 

Craig  Merchant  of  Pace  Engineering, 
San  Francisco,  discovered  very  similar 
problems.  “I  get  a  huge  amount  of  frag¬ 
mentation  when  1  run  multiple  virtual 
machines  on  my  system  using  VMware®,” 
he  reports.  “I’ve  had  as  much  as  20%  frag¬ 
mentation  that  the  Windows  defrag  util¬ 
ity  couldn’t  get  rid  of.  In  my  experience, 


virtual  machines  fragment  their  disks  as 
much  as  real  machines.  But  Windows 
systems  running  VMware  tend  to  have 
extreme  fragmentation  problems,  partic¬ 
ularly  when  running  multiple  VM’s.” 

Making  Mondays  Go  Away 

Making  the  right  defragmentation 
technology  choice  in  today’s  frantic 
fragmentation  environment  is  vital. 
Scheduled  defragmentation  has  become 
a  problem  due  to  the  IT  hours  required 
to  schedule  defragmentation  and  the 
downtime  required  for  the  defragmenter 
to  run.  But  worst  of  all,  scheduled 
defragmentation  is  no  longer  fully 
addressing  fragmentation. 

The  only  solution  that  stands  up  to 
today’s  escalating  fragmentation  is 
Diskeeper®.  Diskeeper’s  proprietary 
InvisiTasking®  technology  makes  for 
completely  automatic,  invisible  defrag¬ 
mentation.  Because  it  utilizes  otherwise 
idle  resources,  it  requires  absolutely  no 
scheduling,  freeing  up  IT  time  for  more 
important  tasks.  There  is  never  a  negative 
performance  hit  during  defragmenta¬ 
tion,  and  system  performance  and 
reliability  are  consistently  maximized. 

Reliability  and  Performance 
Issues  Become  Nonexistent 

Mike  Driest,  Network/Systems 
Administrator  for  Industrial  Control 
Repair  in  Warren,  Michigan,  has  found 
Diskeeper  to  be  the  only  solution. 
“Automatic  disk  defragmentation  for 
a  server  is  like  oil  for  the  engine  in 


your  car,”  he  says.  “One  of  the  most 
useful  features  about  Diskeeper, 
when  using  it  on  our  20+  servers,  is 
the  automatic  defragmenting  with 
InvisiTasking.  Diskeeper  helps  all  of 
our  servers  (Domain  Controllers, 
File,  Exchange,  SQL,  Web,  etc.) 
perform  at  their  very  best.  Reliabil¬ 
ity  and  performance  issues  relating  to 
a  lack  of  defragmentation  do  not  exist 
in  our  environment.” 

Diskeeper  has  proven  the  solution 
for  Andrew  Wise,  Senior  Network 
Engineer  at  Datacore  Marketing 
in  Westwood,  Kansas  as  well. 
‘We  run  Diskeeper  primarily 
on  our  SQL  database  servers  with 
Fibre  Channel  SAN  connectivity,”  he 
says.  “It  keeps  the  database  and  log  files 
defragmented  at  the  OS  level  to  reduce 
the  I/O  on  our  SAN.  After  installing 
Diskeeper  and  doing  a  full  defrag,  we 
noticed  around  10-15%  reduction  in 
the  amount  of  I/O  generated  and  in  the 
amount  of  time  it  took  for  the  SAN  to 
service  each  request.  We  are  a  Microsoft 
SQL  Server  database  shop  and  we  process 
terabytes  of  SQL  data  on  a  daily  basis,  so  any 
reduction  in  the  amount  of  time  it  takes  to 
do  that  processing  save  us  money.” 

Diskeeper  with  InvisiTasking  makes  for 
smooth,  calm  Monday  mornings  for  these 
and  thousands  of  other  enterprises  the 
world  over.  Take  advantage  of  our  special 
offer  and  find  out,  free  of  charge,  what  it 
can  do  for  you. 


SPECIAL  OFFER: 

Discover  how  vital  Diskeeper 
with  InvisiTasking  is  to  you: 

Get  your  FREE  fully  operational 
trial  version  for  45  days  now! 
(Extended  from  30  days) 
Download  at: 

www.diskeeper.com/performance 

Volume  licensing  and  Government/Education 
discounts  are  available  by  calling  800-829-6468, 
extension  4145. 

with  InvisiTasking * 

Diskeeper  2008 

Maximizing  Performance  and  Reliability — Automatically 

_ _ _ I 


Diskeeper 

corporation  * 
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10  tech-related  wishes  for  the  new  administration 


NET  INSIDER 

Scott  Bradner 


i  he  new  national  administration  in  Jan¬ 
uary  will  have  the  opportunity  to  set  the 
direction  on  many  fronts.  Here  are  the 
top  10  technology-related  areas  where  a  new 
direction  is  needed. The  Barack  Obama  cam¬ 
paign  addressed  some  of  these  in 
its  technology  position  paper,  but 
others  are  issues  IVe  covered  in 
past  columns. 

Regulations  are  generally  the 
worst  way  to  help  technology 
development  because  they 
tend  to  trip  over  dependence 
on  the  technology  of  the 
moment  rather  than  dealing 
with  the  underlying  principles, 
but  sometimes  there  is  no 
choice. 

Ensure  a  neutral 
Internet  (at  least  in  the 
United  States).  This  was 
the  top  goal  in  Obama’s 
technology  position  paper.  Here 
is  a  case  where  regulations  are 
needed  to  codify  a  less  condi¬ 
tional  version  of  the  FCC’s  four 
principles. 


2  Reconsider  link  and 
equipment-sharing 
requirements  for 
I  monopoly  carriers. 

Once  upon  a  time  we  had  real 
competition  for  services  to  resi¬ 
dential  users  because  monopoly 
phone  carriers  were  required  to 
wholesale  parts  of  their  infrastruc¬ 
ture  to  competitive  local  access 
providers.The  FCC  killed  this  a 
few  years  ago  and  Internet  service 
quality  and  value  has  suffered. 


about  them  and  mandates  the  protection  of 
any  such  information. There  should  be  real 
criminal  and  civil  penalties,  which  can  be 
invoked  by  individuals,  for  the  failure  to  meet 
the  requirements. 


the  public  back  closer  to  what  was  envi¬ 
sioned  by  the  writers  of  the  U.S.  Constitution. 
At  the  very  least,  pass  a  law  that  removes 
copyright  restrictions  from  abandoned  works. 


5. 


Mandate  proper  procedures  for  law 
enforcement.  Require  that  law 
enforcement  at  all  levels  follow 
proper  constitutional  processes  when  obtain¬ 
ing  information  about  individuals. There 


8. 


Revisit  the  process  of  evaluating 
requests  for  federal  grants.  Peer 
review  has  proven  to  inhibit 
research  in  new  directions;  alternate  pro¬ 
cesses  should  be  developed  (but  reliance 
on  congressional  earmarks  is  not  a  good 
alternative). 


choice. 

1. 


9. 


Reorganize  the  FCC. 
Change  its  implicit 
mandate  to  one  of 
being  concerned  with  con¬ 
sumers  rather  than  incumbent 
carriers.  Move  to  transport  inde¬ 
pendent  regulations  (where  they 
are  needed  at  all)  —  minimize 
regulations  that  treat  cable  com¬ 
panies  differently  from  telephone 
companies. 


10. 


3 


Eaton  expertise  in  a  UPS. 

Uninterruptibility  from  Eaton®  is  an  iron-clad 
promise,  backed  by  a  $13B  global  organization 
and  a  century-long  heritage  with  power  protection, 
distribution  and  management  expertise.  That 
expertise  has  grown  to  include  the  Powerware® 


Reevaluate  the  10-year- 
old  Digital  Millennium 
Copyright  Act.  The  safe 


harbor  part  of  the  DMCA  is  very  good  but  too 
much  of  the  act  is  an  attempt  to  preserve  an 
old  business  model  for  content  owners  and 
the  anti-circumvention  provisions  cause  the 
United  States  real  harm. These  parts  should 
be  repealed. 


should  be  criminal  penalties  for  individuals 
who  fail  to  follow  proper  procedures  and  for 
any  organization  that  assists  them. 


Revoke  the  uni¬ 
versal  service 
fund.  This  has 
proved  to  be  an 
expensive  boondoggle  that  re¬ 
wards  a  few  vendors  for  little  ben¬ 
efit  to  consumers. 

There  are  many  other  areas  that 
need  to  be  worked  on  but  this  list 
is  a  start.  A  new  administration  is 
a  new  chance.  Too  often  the 
chance  is  missed,  but  maybe  not 
this  time. 

Disclaimer:  Harvard  does  not 
get  new  administrations  as  often 
as  the  United  States  does  and 
may  have  even  more  inertia  than 
the  U.S.  government,  but  new  pres¬ 
idents  still  manage  to  make  an 
impact.To  date,  the  university  has 
not  expressed  an  opinion  on 
what  direction  the  administration 
of  this  law  school  graduate 
should  take,  so  the  above  is  my 
list,  not  the  university’s. 


Bradner  is  Harvard  University’s  technology 
security  officer.  He  can  be  reached  at 
sob@sobco.com. 


4. 


Mandate  privacy  protection.  Move 
away  from  the  current  U.S.  model 
where  anyone  can  collect  and  sell 
information  about  individuals  without  their 
knowledge  or  consent.  Pass  a  federal  law  that 
empowers  individuals  to  control  the  obtain¬ 
ing,  retention  and  distribution  of  information 


6. 


Revoke  the  cable  must-carry  rules. 

Because  it  is  to  the  benefit  of  both 
organizations  when  a  cable  compa¬ 
ny  carries  a  TV  station,  let  the  market  decide 
who  should  pay  who  and  how  much. 


7. 


Restore  rationality  to  copyright 
duration.  Get  the  balance  between 
providing  an  incentive  to  authors 
and  providing  for  the  interests  of 


IT  Buyer’s  Guides 

Compare  products  and  get  up-to- 
date  buying  tips,  market  trends,  best 
practices,  tech  primers  and  more  on 
dozens  of  networking  topics  at: 

www.networkwopld.com/buyersguides 


16  •  NOVEMBER  10,  2008  •  www.networkworld.com 


NEWS  ANALYSIS 


CIOs  face  additional  pressures 


YANKEE 

INGENUITY 

Howard  Anderson 


Gutting  your  staff? 

No  and  I  hope  not  to.  That 
“share  the  pain”  comment  by 
management  scares  me. 


Sounds  like  you  are  between  a 
rock  and  a  hard  place. 

Not  as  bad  as  my  buddies  in 
financial  services.They  used  to 
have  a  black  belt  in  spending.  For 
most  vendors,  that  sector  was  20% 
of  their  total  business.  So  every 
vendor  —  Microsoft,  IBM,  CA,  SAB 
Cisco  —  now  is  in  here  all  the 
time.  It’s  getting  so  bad  that  I  have 
to  disguise  myself  as  a  Fed  Ex 
employee  just  to  get  through  my 
waiting  room. 


That  bad? 

Absolutely  positively 


Last  year  we  talked  about  CIOs  —  who  are 
both  the  masters  and  the  victims  of  dou¬ 
bletalk  and  who  are  under  enormous 
pressure  to  provide  more  to  their 
users  while  trying  to  keep  spend¬ 
ing  under  control. 

We  thought  we  would  check  in 
with  our  CIO  buddy  Manny 
Fernandez,  not  to  be  confused 
with  another  of  the  same  name 
who  is  as  popular  in  Boston  as 
Bucky  Dent  (don’t  ask). 


How's  your  budget  process 
going? 

Awful.  I  thought  I  had  the  man¬ 
date  to  spend  4%  more  than  last 
year ...  but  that’s  on  hold.  We  used 
to  spend  about  6%  on  IT  and 
communications  . . .  but  it  looks 
like  it  could  be  4.5%  to  5%  this 
year.  Management  keeps  making 
cute  little  comments  about  “shar¬ 
ing  the  pain”  and  “use  it  up,  wear  it 
out,  make  it  do  or  do  without.” 


Problem? 

You  bet.  Storage  is  like  a  tape¬ 
worm;  each  year  it  takes  more 
and  more  of  my  budget.  So  I  do 
the  short-term  cutesy  things  — 
like  delaying  LAN  upgrades,  cut¬ 
ting  outside  consulting  services 
and  virtualizing  my  servers.  But 
there  is  a  limit. 


Virtualize  PCs? 

Not  yet.  But  someday  some¬ 
place  we  have  to  figure  out  how 
to  throw  away  some  data.  Every¬ 
one  is  paranoid.  Right  now  our 
storage  is  growing  50%  per  year  in 
terabytes. We  try  to  rationalize  all 
the  time  —  without  taking  risks.  But  we  are 
soon  going  to  be  off  our  mainframes.  We  said 
“death  to  Linux”  and  we  don’t  support  Apple. 
We  are  70%  laptops  and  that  trend  isn’t  going 
to  stop.  So  far  we  have  avoided  supporting 
BlackBerries  and  iPhones  (and  soon  Google- 
phones)  but  that  is  going  to  be  a  losing  battle; 
those  suckers  are  really  computers. 


New  applications? 

Not  many  We  are  still  deploying  what  we 
started  two  years  ago.  But  we  are  looking 
more  closely  at  teleconferencing  again. This 
happens  every  time  we  cut  travel  budgets 


How  do  you  handle  the  demand  for  everyone 
to  have  an  upgrade  of  their  PC  each  year? 

We  try  to  hide  it  —  put  it  on  the  division’s 
budget.  Let’s  face  it:  We  are  a  high-priced  tech¬ 
nology  purchasing  agent.  What  we  really  like 
to  do  is  cut  our  expenditure  on  server  spend- 
ing.The  day  that  every  application  got  its  own 
server  has  got  to  end.  Right  now  about  25%  of 
our  server  workloads  are  virtualized.  If  the 
economy  continues  to  suck,  we’ll  grow  this 
number  to  35%. The  dropping  cost  of  storage 
helps  as  does  the  cost  of  laptops.  We  have 
moved  to  VoIP  in  a  big  way 

But  counter-balancing  that  is  the  multi-year 


Anderson  is  senior  managing 
director  ofYankeetek,  a  Cam¬ 
bridge,  Mass.,  venture  incubator. 
He  is  also  founder  of  The  Yankee 
Group  and  the  William  Porter 
Distinguished  Lecturer  at  the 
Massachusetts  Institute  of 
Technology.  He  can  be  reached  at 
handerson  @yankeetek.  com. 


inside  the  corporation.  We  still  have  a  lot  of 
underutilized  hardware. We  will  see. 

More  outsourcing?  Offshoring? 

We  got  really  down  on  outsourcing  a  few 
years  ago  —  but  we  have  moved  a  fair  amount 
of  support  to  Bangalore  and  Hyderabad.  Ap¬ 
plication  development  hasn’t  been  as  easy  as 
we  thought.  Outsourcing  is  like  the  flu:  As  soon 
as  the  economy  gets  socked,  it  comes  back. 


SAP  implementations  that  suck  up  money  like 
a  vacuum  cleaner. That’s  sacrosanct  —  don’t 
ask  me  why  We  are  stealing  from  Peter  to  pay 
Hans,  but  we  are  half  done. 


When  will  you  be  done? 

Never.  Maybe  longer. 


Frustrated? 

Me?  Why  would  I  be  frustrated?  Just 

because  I  have  to  be  both  the 
Tech  Visionary,  the  mean-spirited 
Cost  Accountant,  the  Czar  of 
Platforms,  the  Puchasing  Agent 
and  the  Applications  Guru?  Just 
because  I  have  to  provide  a  high¬ 
er  level  of  service  and  availability 
at  lower  levels  of  cost  each  year? 


ions. 
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Powering  Business  Worldwide 


and  MGE  Office  Protection  Systems™  product 
families.  Today  the  Eaton  label  is  found  on  UPSs 
with  the  highest  efficiency,  smallest  footprint, 
lightest  weight,  and  easiest  installation  available 
to  help  you  meet  your  power  challenges — 
and  power  through. 


ONLINE:  Network  management, 
automation  and  control 

Learn  what  the  most  effective  and  effi¬ 
cient  network-management  tools  are, 
and  the  new  skill  set  of  the  emerging 
executive  by  attending  IT  Roadmap: 
Washington,  D.C.,  Dec.  16.  Qualify  to 
attend  free  at: 

www.nwdocfinder.com/6821 
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ATTEND  FREE!  www.networkworld.com/RM8DCA2 


CONFERENCE  &  EXPO 


Go  from  0-to-60  solutions  on  10  of  IT’s  fastest  tracks. 

The  information  is  rich.  The  technology  is  deep.  And  the  focus  is  on  results  in 
every  corner  of  your  enterprise. 

Knock-knock-knocking  on  NOC’s 
expanded  role 

Ethernet  unleashed  in  the  WAN 
Virtualization  for  thin-client  desktops 
Clarity  amidst  the  UC  confusion 
Remote  and  mobile  VoIP  build  outs 
Plus  dozens  more  solutions! 


NETWORK  WORLD’S  IT  ROADMAP  IS  COMING 
BACK  TO  WASHINGTON,  DC.  The  premiere 
1-day  event  that  moves  as  fast  as  the  technology 
it  covers.  Be  here  for  the  10  most-challenging 
topics  in  technology.  Surrounded  by  a  private 
expo  with  ready-to-roll  solutions  enterprise-wide. 
Join  us  as  we  bring  together  IT’s  brightest 
analysts,  best  vendors,  and  most-innovative 
users  to  give  you  a  year’s  worth  of  insights  and 
advancements  on  issues  that  weren’t  even 
opportunities  12  months  ago. 


Threat-eliminating  security  for 
decentralized  nets 
Blueprint  of  the  new  data  center 
Architecture  for  big-picture  wireless 
Four  stages  of  smart-solution  NAC 
Optimization  secrets  of  app 
acceleration 


It’s  the  essential  IT  event  where  you  can  bring  your  entire  team,  cover  it  all, 
and  take  away  technology’s  most  effective  solutions  in  just  one  day.  So  register 
now.  Save  the  date.  And  join  us  as  IT  Roadmap  rolls  into  Washington,  DC. 


QUALIFY  TO  ATTEND  FREE 

www.networkworld.com/RM8DCA2  1  -800-643-4668 


QUALIFIED  ITR  ALUMNI  -  YOU’RE  PRE  APPROVED! 


Principal  Sponsors 


Platinum  Sponsors 


CITRIX 


BtueQCoat 


V0fl7Onbusiness 

•  I  |  I  •  I  |  I  • 
CISCO. 


BROCADE 


PS  paloalto 

■  NETWORKS 


rad  ware 


FOUNDRY  [S!  Juniper’  ^nETSCOUT. 

NETWORKS  S3KS  NETWORK*  |  ^ 


Gold  Sponsors 


Aerohive-  (?p  Airwave- 


3Com  AID 


Akamai 

titwtih>ii  r'/fwrwr 


Networks 


AMERICAS 


EXPAND  Fc-nrinEr  '*r 

networks  Global  Knowledge 

@  Mu  Dynamics  Hi  NetApp  cordial  NS 


Infoblox 


riverbed 


Silver  Peak  softlayer  WildPacketr  xirrus 


Want  to  see  your  name  added  to  this  list?  Cali  Andrea  D'Amato  at  508/766-5455  or  adamato@nww.com  to  learn  about  sponsorship  opportunities  and  benefits! 


Join  Us  for  IT's  Indispensable  1-Day  Event! 


IT’s  #1  Destination  for  10  Critical  Topics 

1.  Virtualization 

2.  Enterprise  Mobility 

3.  Network  Management,  Automation  &  Control 

4.  Network  &  Application  Acceleration 

5.  Securing  the  Core 

6.  Data  Center  Infrastructure  and  Management 

7.  Security  and  Compliance 

8.  VoIP,  Video  and  Unified  Communications 

9.  Next-Generation  WAN  Services 

10.  SaaS,  Cloud  Computing  and  Managed  Services 
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Visa 

continued  from  page  12 

ments,  integrated  at  the  hardware  and 
firmware  level,  Lewis  says. The  newer,  higher- 
level  software  and  application  virtualization 
hypervisors  are  “more  appealing  [but]  more 
risk,”  he  says. 

•  Charge-back  mechanisms  —  Managing  the 
normal  unit  of  work  and  charging  back  compa¬ 
ny  departments  for  it  is  more  challenging  in  a 
virtualized  environment,  Lewis  says. 

•  Shared  environments  —  The  key  to  virtual¬ 
ization  is  how  you  share  an  environment  with 
another  department  within  the  company. 
Organizationally  that  could  be  an  inhibitor, 
Lewis  notes,  because  offering  a  single  synchro¬ 
nized  image  breaks  down  barriers  between 

**  Virtualization  does  nothing 
for  you  unless  you  have  the 
integrated  processes,  the 
organization,  the  commit¬ 
ments  from  various  partners 
and  vendors  that  you  work 
with  to  address  pricing 
methodologies,  contracts.55 

Andy  Lewis 

Head  of  global  engineering,  Visa 

constituencies. 

•  Lack  of  an  “aggregated  protocol”  — 
Something  akin  to  MPLS  and  its  tunneling 
mechanisms  is  needed  in  the  data  center  to 
converge  ESCON,  FICON,  Fibre  Channel,  SCSI 
and  Ethernet  into  a  more  operationally  efficient 
fabric,  Lewis  says. 

Specific  to  the  standards  issue,  Visa  has  to 
define  its  own  internal  standards  for  managing 
and  securing  its  virtual  environment.  Vendors 
now  offer  only  point  products. 

“We’re  making  headway  with  VMotion  from 
VMware;  it’s  improved  our  ability  to  have  aware¬ 
ness  and  vision  into  the  usage  and  consump¬ 
tion  and  configuration  of  our  environments,” 
Lewis  says.“But  again,  If  I  go  down  each  vendor’s 
path  whether  storage  or  server  or  network,  each 
vendor  has  a  different  approach.  There’s  some 
concern  over  whose  strategy  is  actually  going  to 
win,  who’s  going  to  be  the  manager  of  managers 
and  who’s  going  to  share  their  IP  to  ensure  it’s 
being  managed  effectively  at  the  global  and 
client  level.” 

As  for  an  aggregated  protocol,  vendors  are 
working  on  standards  for  unified  data-center 
fabrics, such  as  the  Fibre  Channel  over  Ethernet 
specification  from  Technical  Committee  T1 1  of 
the  InterNational  Committee  for  Information 
Technology  Standards,  and  the  Converged 
Enhanced  Ethernet/Data  Center  Ethernet  efforts 


from  the  IEEE,  IBM,  Cisco,  Intel,  EMC  and  others. 
But  again,  these  are  in  prestandard  form,  and 
Visa  is  reluctant  to  adopt  anything  that  has  not 
been  standardized. 

“I’m  going  to  be  leery  of  it  for  a  couple  of 
years  until  I  really  think  it’s  baked  in  as  a  stan¬ 
dard,”  he  says.  “We  saw  this  at  a  higher  level 
[recently]  with  regard  to  network  file  access 
and  I/O:  Was  it  going  to  be  SCSI  over 
Ethernet?  SCSI  over  IP?  FCoIP?  We  will  see 
continued  progress  in  specific  areas  around 
ESCON-to-FICON,  around  Fibre  Channel  arbi¬ 
trary  looped  and  switched/switched2  fabrics. 
. . .  But  I  can’t  see  that  there’s  any  one  silver 
bullet  right  now.” 

Visa  also  is  evaluating  newer  virtualization 
products  from  Cisco,  including  theVFrame  Data 
Center  resource  orchestration  appliance,  and 
Nexus  7000  switches.  VFrame  is  an  appliance 
designed  to  provision  compute,  network  and 
storage  resources  together  as  virtual  services 
through  a  policy  engine  that  automates 
resource  changes  in  response  to  infrastructure 
outages  and  performance  alterations.  Nexus 
7000  is  optimized  for  high-density  10  Gigabit 
Ethernet  in  the  data  center,  and  supports  a  uni¬ 
fied  switching  fabric  designed  to  provide  all 
servers  with  access  to  all  network  and  storage 
resources. 

But  pricing  and  capacity  issues  and  a  main¬ 
frame  legacy  keep  the  company  from  imple¬ 
menting  them,  Lewis  says. 

“We  do  use  mainframe,  nonstandard  systems” 
for  data  center  orchestration,  he  says. 
“Tandem/HP’s  implementation,  IBM,  Sun’s.  .  .  . 
We’ve  got  every  major  vendor  that  will  put  us  in 
a  competitive  place  moving  forward.” 

Visa  also  is  a  Cisco  Catalyst  switch  shop  that 
doesn’t  yet  require  the  1.7Tbps  capabilities  of 
the  Nexus  7000  switch.  Indeed,  Lewis  cautions 
that,  with  virtualization  coming  back  into  vogue 
because  of  newer  players  like  Cisco,  adopting  a 
buzzy  technology  for  technology’s  sake  is  not  in 
the  Visa  blueprint. 

“Virtualization  does  nothing  for  you  unless 
you  have  the  integrated  processes,  the  organiza¬ 
tion,  the  commitments  from  various  partners 
and  vendors  that  you  work  with  to  address  pric¬ 
ing  methodologies,  contracts,”  he  says.“There  are 
a  number  of  aspects  that  will  lead  toward  our 
full  data-center  strategy  In  itself,  it  does  nothing 
without  the  other  disciplines.”  ■ 


ONLINE:  Virtualization 

Learn  about  the  broader  set  of  solu¬ 
tions  that  can  be  enabled  with  virtual¬ 
ization,  such  as  disaster  recovery  and 
continuity,  data  center  migrations, 
image  standardization  and  virtual  desk¬ 
tops.  Find  out  more  at  IT  Roadmap: 
Washington,  D.C.,  on  Dec.  16.  Qualify 
to  attend  free  at: 

www.nwdocfinder.com/6823 


For  less  than  $1,500,  a 
high  performance1  multi- 
terabyte2  storage  server 


with  software3  can  be 


built  to  serve  256  con¬ 
current  users4  for  ADS 
Domain  Networks. 


Besides  high  performance,  Synology 
servers  are  quiet5,  green6  and  rich  in 
functions.  Backups  cannot  be  easier 
with  the  ability  of  backing  up  Win¬ 
dows®  computers  using  Synology’s 
Data  Replicator  3,  and  supporting 
the  ability  of  backing  up  one  Synol¬ 
ogy  server  to  another,  or  to  another 
computer  using  rsync.  Remote  file 
administration  is  easy  using  the  web- 
based  Synology  File  Station.  With 
support  for  Windows,  Mac®,  and  Linux 
computers,  the  possibilities  are  end¬ 
less.  Please  see 

www.synology.com 


fC/ltoff 
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ligerDlrect.com 


1 .  Synology  DS508:  writes  at  30+MByte/Sec,  reads  at 
50+MByte/Sec,  RAID  5 

2.  Synology  DS508  with  5x500GB  HDD 

3.  Synology  OS  (DSM  2.0),  PC  Backup  Application 
(Data  Replicator  3),  Unlimited  Client  Access  Licenses 

4.  Max:  256  Concurrent  Users,  2048  Local  User  Ac¬ 
counts,  tested  on  domain  with  20,000  User  Accounts 

5.  Synology  DS508  Noise  Output:  26dbA  without  HDDs 

6.  Synology  DS508  Power  Consumption:  82  Watts 
Seeking  /  27  Watts  Hibernating 
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YOUR  TAKE:  OPEN  SOURCE  ■  Sabre  ■  McKesson 


Flying  high  with  open  source 

“It’s  always  peak  hour  somewhere”  on  the  Sabre  Holdings  network,  but  open 
source  software  helps  the  company  meet  its  demanding  uptime  requirements 


BY  PAUL  DESMOND 

To  say  Sabre  Holdings  is 
a  believer  in  open 
source  technology  is  an 
understatement.  The 
company  whose  IT  department 
supports  the  Travelocity  Web 
site,  the  Sabre  Travel  Network 
and  Sabre  Airline  Solutions,  has 
been  using  open  source  tools 
for  some  1 0  years,  according  to 
CTO  Robert  Wiseman.  Cost  cer¬ 
tainly  factors  into  the  reason, 
but  iTs  Sabre's  ability  to  control 
its  own  destiny  by  making 
whatever  changes  it  deems  nec¬ 
essary  that's  the  real  motiva¬ 
tion.  Along  with  Kevin  Bomar, 
Sabre's  senior  principal  of  mid¬ 
dleware  services,  Wiseman 
explains  how  open  source  soft¬ 
ware  and  the  community  that 
supports  it  help  Sabre  deliver 
solutions  that  meet  its  demand¬ 
ing  uptime  requirements. 


Can  you  give  me  a  sense  of  the  scale  of  your 
operation? 

Robert  Wiseman:  We  have  about  5,000 
servers  across  the  world,  probably  two-thirds 
running  open  source.  Close  to  100%  of  our  re¬ 
quests  go  through  a  server  using  open  source 
technology  at  some  point,  primarily  Linux. 


■pip 

Randall  Spratt, 

executive  vice 

president  and 

m • 

CIO  at  McKesson, 

considers  open 

source  an  essen- 

tial  part  of  his  product  develop¬ 

ment  strategy.  Page  25. 

Do  you  use  other,  non-open  source  operat¬ 
ing  systems? 

RW:  We’ve  standardized  on  Red  Hat  Linux, 
but  our  mainframe  runs  a  mainframe  operat¬ 
ing  system,  and  we  have  some  legacy  Unix  sys¬ 
tems  running  various  proprietary  operating 
systems,  but  we’re  starting  to  phase  those  out  as 
we  move  to  a  standard  Linux  environment. 

What  other  open  source  technologies  do  you 
employ? 

RW:  We  use  a  lot  of  them,  from  Apache  and 
Tomcat  [Web  servers]  to  open  source  ESBs 
[enterprise  service  bus] ,  test  tools,  open  source 
databases, Terracotta  for  caching,  and  so  on. 

What  are  the  key  benefits? 

RW:  Certainly  cost  is  an  attractive  aspect, 
which  is  probably  one  of  the  first  reasons  that 
everyone  starts  to  look  at  open  source.  Another 
is  the  ability  to  have  access  to  the  code,  to  have 
control  of  your  own  destiny  At  Sabre  we’re  a 
24/7  environment  and  we  run  32,000  transac¬ 
tions  per  second  across  our  systems  at  peak. 
We  can  never  afford  to  be  down  because  we 
support  airlines  and  travel  agencies  across  the 
world  and,  as  we  say  internally,  it  s  always  peak 


hour  somewhere.  If  we  run  into  problems  — 
which  thankfully  is  very  rare  —  we  have  the 
ability  to  go  in  and  take  a  look  at  the  code  our¬ 
selves  and  make  fixes  if  necessary  With  a  com¬ 
mercial,  off-the-shelf  solution,  you’re  pretty 
much  dead  in  the  water.  You  have  to  fall  back 
[to  a  previous  revision],  if  that's  even  feasible, 
or  wait  for  a  vendor  release. 

Kevin  Bomar:  In  some  cases, support  is  also  a 
benefit.  A  lot  of  times,  the  support  you  can  get 
for  open  source  products  —  the  developer 
help  and  so  on  —  is  better  than  you  get  for 
commercial,  off-the-shelf  software. 

How  important  was  access  to  that  developer 
community  in  your  decision  to  use  open 
source  tools? 

RW:Very  important.  Vendors  are  traditionally 
very  responsive;  it’s  one  of  the  things  we  pay 
them  for.  But  it’s  also  good  to  have  a  communi¬ 
ty  that  can  help  you  address  things  that  maybe 
even  some  of  the  vendors  haven’t  seen. 

KB:  It’s  important  to  see  how  current,  large 
and  active  the  community  is.  If  you’re  consid¬ 
ering  a  certain  open  source  solution  and  it  has¬ 
n’t  had  an  update  in  a  year,  that  probably 

See  Sabre,  page  24 
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Running  business  apps  on  servers  that  aren’t  scalable,  along  with  demanding 
service  levels,  is  consuming  energy  at  an  exponential  rate.  Break  the  cycle 
with  highly  scalable  IBM  servers.  IBM  PowerVM™  virtualization  technology 
can  help  you  consolidate  workloads  from  twelve  single-application  16-core 
HP  Integrity  rx7640  systems  onto  two  16-core  Power™  570  systems  for  up  to 
18%  higher  performance  and  reduced  energy  requirements  of  up  to  44%1  A 
greener  world  starts  with  greener  business.  Greener  business  starts  with  IBM. 

.  v . - =.  ^  _V  '  ;  .  _  j 


SYSTEMS.  SOFTWARE.  SERVICES.  FOR  A  GREENER  WORLD. 

Learn  how  to  improve  app  performance  at  ibm.com/green/performance 


'For  complete  details,  go  to  ibm.com/green/claim.  IBM,  the  IBM  logo,  ibm.com,  PowerVM  and  IBM  Power  570  are  trademarks  of  International  Business  Machines  Corporation,  registered  in  many  jurisdiction:.; 
worldwide.  A  current  list  of  IBM  trademarks  is  available  on  the  Web  at  "Copyright  and  trademark  information"  at  www.ibm.com/legal/copytrade.shtml.  ©  2008  IBM  Corporation.  All  rights  reserved 


With  the  world’s  data  growing  exponentially,  storage  virtualization  from  IBM  is  a  great 
way  to  gain  control,  improve  flexibility  and  store  your  information  in  a  responsible,  energy- 
efficient  way.  IBM  System  Storage  "  SAN  Volume  Controller  can  reduce  storage  growth  up 
to  20%  and  improve  utilization  by  as  much  as  30%.  Couple  that  with  IBM  Tape  Solutions 
and  you  have  a  truly  comprehensive  plan  to  manage  your  info  over  its  lifecycle.  Some 
companies  have  seen  their  total  cost  of  ownership  reduced  by  as  much  as  40%!.  A  greener 
world  starts  with  greener  business.  Greener  business  starts  with  IBM. 


SYSTEMS.  SOFTWARE.  SERVICES.  FOR  A  GREENER  WORLD 

Get  the  green  storage  whitepaper  at  ibm.com/green/info 
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YOUR  TAKE:  OPEN  SOURCE  ■  Sabre  ■  McKesson 


Sabre 

continued  from  page  20 

means  the  community  is  not  very  active  and 
you  should  probably  reconsider. 

What  kind  of  things  do  you  rely  on  the  com¬ 
munity  to  help  with? 

KB:  For  developer  knowledge  bases  and, 
depending  on  the  size  of  the  community  fixes 
and  patches.  In  some  cases,  we  go  after  third- 
party  support  for  this;  in  others,  the  community 
is  good  enough. 

How  do  you  determine  whether  the  commu¬ 
nity  is  good  enough? 

KB:  If  it’s  component-level,  it’s  probably  OK  to 
rely  on  the  community  If  it’s  in  the  middleware 
space,  you  need  to  determine  how  broad  and 
active  the  community  is  —  looking  at  things 
like  how  fast  patches  get  out  and  how  tightly 
the  ship  is  run  for  that  community  In  some 
cases  in  the  middleware  space,  we  can  rely  on 
the  community;  in  others  where  we  decided  we 
wanted  more  of  a  guarantee  of  24-hour  sup¬ 
port,  fast  turnaround  time  on  patches  and  so 
forth,  we've  gone  with  third-party  support. 

Are  there  any  projects  you've  undertaken 
using  open  source  technology  that  could  not 
have  been  implemented  any  other  way? 

RW:  There  are  certainly  projects  that  might 
not  have  been  practical  without  access  to 
open  source  solutions,  for  proof  of  concept  or 
prototyping.  One  of  the  benefits  of  open  source 
in  the  early  stages  of  a  project  is  you  don't  have 
to  buy  the  licenses.You  don’t  necessarily  really 


care  about  support  if  you're  just  doing  a  proof 
of  concept  or  a  prototype.  So,  having  access  to 
a  range  of  open  source  products  for  some  of 
our  R&D  groups  spread  across  the  world 
allows  them  to  get  fairly  mature  and  fairly  well- 
baked  solutions  without  spending  an  awful  lot 
of  money 

What  have  been  the  biggest  challenges  in 
deploying  open  source  technologies? 

RW:The  biggest  thing  is  that  a  lot  of  develop¬ 
ers  have  never  met  a  download  they  didn't 
like.  One  of  the  good  things  about  open  source 
is  easy  access  to  the  open  source  technology 
and  products.  One  of  the  downsides  to  it  is  the 
easy  access  to  the  wide  range  of  products  and 
technologies.  I  suspect  a  lot  of  companies  are 
using  open  source  that  actually  aren’t  even 
aware  of  it. We  go  through  a  lot  of  effort  to  con¬ 
trol  our  use  of  any  product,  whether  open 
source  or  commercial,  because  there  is  a  ten¬ 
dency  for  developers  to  download  a  solution 
and  just  start  to  deploy  it.  That  can  start  to  get 
out  of  hand. 

How  do  you  keep  them  from  doing  that? 

RW:  Education,  governance,  management.  We 
look  at  their  code,  we  know  what  the  builds  are 
that  are  going  in. 

KB:  Sometimes  there  are  multiple  open 
source  solutions  for  the  same  problem, 
whether  it’s  rules  engines  or  ESBs.  At  that  point, 
you  need  to  evaluate  which  one  is  the  best 
because  you  don’t  want  to  have  two  open 
source  solutions  for  the  same  problem.  So,  that 
gets  into  bake-offs,  benchmarking,  looking  at 
stability  and  level  of  support  —  that  type  of 


thing.  As  Robert  said,  it’s  educating  the  devel¬ 
opers  and  getting  a  level  of  maturity  in  the 
developers  of  how  they  use  open  source,  and 
also  having  some  governance  and  standards 
around  certain  technologies. 

Have  you  encountered  any  dangers  from 
using  open  source  technologies? 

KB:  With  a  [commercial,  off-the-shelf]  solu¬ 
tion  the  vendors  have  product  road  maps  and 
business  plans  that  you  can  follow. You  have  to 
keep  it  evergreen  with  open  source  and  watch 
the  road  map  more.That’s  why  having  layers  of 
abstraction  is  important.  If  an  open  source 
solution  starts  to  lose  active  community  you 
need  to  have  a  migration  path  in  mind. 

Have  you  ever  had  to  swap  out  a  product 
because  the  community  was  faltering? 

KB:  I  can't  think  of  an  instance  where  that  has 
happened. There  have  been  times  where  we’ve 
seen  one  open  source  solution  start  to  rival 
another  and  maybe  take  the  lead.  Rules 
engines  seem  to  leapfrog  each  other  fairly 
often.  ESBs  are  a  fairly  active  area  as  well.You’ve 
got  Mule,  ServiceMix,  the  Apache  ESB.  So,  you 
need  to  just  watch  those  areas  to  see  which  is 
going  to  be  best-of-breed  a  year  down  the  road. 

What  advice  can  you  give  to  others  who  are 
looking  to  employ  open  source  technolo¬ 
gies? 

RW:  If  you’re  going  to  use  it  in  a  critical  envi¬ 
ronment,  you  need  to  make  sure  you’ve  got 
support.  Abstraction  is  an  important  piece 
whether  you’re  using  open  source  or  not,  so 
you  have  the  ability  to  move  quickly  should 
you  need  to. Training  is  another  aspect.  If  you’re 
going  from  one  product  to  another, you  have  to 
bake  that  into  the  cost/benefit  analysis.  There 
are  a  lot  of  things  that  come  with  changing 
products:  training,  support,  abstractions  to 
make  sure  you  don’t  couple  yourself  to  any 
technology  making  sure  the  community  is 
mature,  that  there  are  openly  available  bench¬ 
marks.  You  ideally  want  to  choose  a  mature 
product.  You  don’t  want  to  be  one  of  the  first 
guys  out. 

What  do  you  think  the  future  holds  for  the 
role  of  open  source  in  the  enterprise? 

RW:  As  open  source  becomes  more  mature, 
there’s  going  to  be  a  fine  line  between  how  peo¬ 
ple  view  commercial  products  and  open 
source  products.  When  you  look  at  the  more 
mature  open  source  products,  there  often  isn’t  a 
lot  of  difference  in  price  compared  to  com¬ 
mercial  products  —  in  some  cases  because 
vendors  have  brought  down  the  price  of  com¬ 
mercial  products  in  order  to  compete.  But  the 
other  benefits  we  mentioned  —  access  to  the 
code,  the  maturity  of  and  access  to  the  com¬ 
munity  —  tip  the  scales  in  favor  of  open  source. 

Desmond  is  events  editor  for  Network  World 
and  president  of  PDEdit,  an  IT  publishing  com¬ 
pany  in  Southborough,  Mass.  Reach  him  at 
paul@pdedit.com. 
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Title: 

Senior  Vice  President  and  CTO 

Organization: 

Sabre  Holdings 

Responsibilities: 

Technology,  starting  at  the  bottom  of  the  stack  and  working 
upwards,  including  storage,  database,  data  management 
software,  network,  servers  and  operating  systems. 
Applications  and  customer-facing  services  are  the  responsi¬ 
bility  of  business  unit  owners. 

Annual  IT  budget: 

Approximately  $20  million 

Number  of  IT  staff: 

150 

Previous  jobs: 

CTO  atTravelport  (Sabre’s  largest  U.S.  competitor);  senior 
vice  president  at  Orbitz. 

First  PC: 

Gateway  486DX,  circa  1998. 

Home  network: 

Wireless  LAN  supporting  two  laptops,  two  desktops,  a 
PlayStation  3  and  PlayStation  Portable,  and  a  BlackBerry. 

First  Internet 
experience: 

"Pretty  late.  Around  1996  at  Delta  Air  Lines,  1  came  across 
AltaVista  and  was  blown  away.  A  year  later,  at  my  wife’s 
urging,  1  asked  for,  and  was  given,  technical  responsibility  for 
Delta.com,  which  at  that  point  was  viewed  by  Delta  corpo¬ 
rate  as  a  ‘tech  toy.' When  1  left  in  2001,  it  had  generated 
about  $1  billion  in  revenue  for  Delta." 

Words  to  live  by: 

"Being  personally  right  isn’t  important;  getting  the  right 
answer  is.” 
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A  prescription  for  lower  costs 

Open  source  technologies  help  McKesson  deliver  lower-cost  IT  solutions  to 
its  healthcare  customers  by  trimming  the  tab  for  hardware  and  software 


“Open  source  has  a 
strong  and  bright 
future,  but  it’s  really 
hard  to  predict  the 
direction  it’s  going 
to  go  because  it  is 
facile.” 

Randall  Spratt 

CIO,  McKesson 


ERIC  MILLETTE 


BY  PAUL  DESMOND 

cKesson  Corp.  is  a  mul¬ 
tifaceted  healthcare 
company,  a  large  dis¬ 
tributor  of  pharmaceu¬ 
ticals  and  a  thriving  developer  of 
healthcare-related  IT  systems.  Its 
software  and  hardware  are 
installed  in  more  than  70%  of 
U.S.  hospitals  with  more  than 
200  beds,  and  handle  every¬ 
thing  from  billing  and  schedul¬ 
ing  to  capturing  MRI-machine 
images  and  preventing  danger¬ 
ous  drug  interactions.  For  the 
last  five  years,  the  company  has 
used  open  source  technology  to 
deliver  products  at  lower  cost 
and  greater  speed,  says  Randall 
Spratt,  executive  vice  president 
and  CIO.  Spratt  now  considers 
open  source  an  essential  part  of 
McKesson : s  product  develop¬ 
ment  strategy 

What  role  is  open  source  playing  in  your 
strategy? 

In  our  technology  division,  our  flagship  line 
of  software  products  is  called  the  Horizon 
suite.The  reference  architecture  for  that  suite  is 
dependent  upon  open  source  components 
and  tools  to  create  and  develop  them. We  don’t 
talk  about  product  names,  but  we  employ 
open  source  operating  systems,  an  open 
source  object-model  interface^  number  of  dif¬ 
ferent  open  source  user-interface  widgets  and 
libraries,  open  source  middleware  and  Web 
servers,  and  a  variety  of  open  source  tools  that 
not  only  provide  low-level  program  libraries 
but  also  support  the  programming  process  in 
general. 

What  are  the  key  benefits  of  open  source? 

The  benefits  for  us  came  from  the  require¬ 
ments  of  the  markets  we  serve.  Healthcare  is  an 
extremely  low-margin  business  with  constant 
cost  pressures.  Frankly,  our  customers  were  not 
able  to  consume  the  solutions  they  needed  at 
the  pace  they  needed  because  of  cost  con- 


straints.So,we  went  to  open  source  primarily  as 
a  strategy  to  reduce  the  extent  of  third-party 
costs  —  primarily  hardware  and  operating  sys¬ 
tem  costs  -  that  were  in  the  solutions  we  sold 
to  customers.  We  saw  those  benefits  emerge 
dramatically  —  an  order-of-magnitude  reduc¬ 
tion  in  the  expense  around  hardware,  for  exam¬ 
ple  —  but  we  also  got  unexpected  benefits  in 
speeding  some  aspects  of  development  and 
higher  levels  of  performance. 

What  were  the  development  benefits? 

We  got  access  to  libraries  of  capabilities  that 
we  would  have  had  to  develop  on  our  own  — 
the  ability  to  take  in  everything  from  user  inter¬ 
face  widgets  to  libraries  of  software  routines 
and  schedulers,  for  example. 

And  how  does  open  source  reduce  hard¬ 
ware  expenses? 

In  two  ways.  The  operating  systems  make 
more  efficient  use  of  lower-cost  hardware  than 
many  commercial  operating  systems,  and  we 
architected  an  environment  where  the  appli¬ 
cation  runs  on  any  number  of  blades  that  sit  on 
top  of  one  or  more  database  servers  and  the 
load  is  then  automatically  distributed.  Hospit¬ 
als  can  start  out  with  a  relatively  modest  invest¬ 


ment  and  as  they  add  users  or  applications, 
scale  by  adding  low-cost  blades  rather  than 
forklifting  out  an  expensive  Unix  server  and 
replacing  it  with  a  larger  server.  So,  not  only  do 
we  get  the  efficiency  benefits  in  the  first  place, 
we  get  a  more  scalable  environment,  where 
each  step  in  the  scale  is  a  modest  step  upward. 

What’s  your  experience  been  with  support¬ 
ing  open  source  operating  systems? 

Like  everyone  else,  it’s  been  a  journey  Initially 
we  ran  into  issues  and  a  number  of  problems 
with  scalability  but  I  think  today  we  would  say 
it’s  a  very  good  experience. 

How  long  have  you  had  open  source-based 
products  installed  in  customer  locations? 

Three  to  three  and  a  half  years. 

Can  you  talk  more  about  initial  problems? 

We  architected  a  load-balanced  solution, and 
we  had  some  difficulty  with  lost  connections 
and  issues  with  performance  of  some  compo¬ 
nents.  Operating-system  support  was  generally 
pretty  good;  but  in  a  healthcare  environment,  if 
you  run  into  a  problem,  it  can  literally  be  a  mat¬ 
ter  of  life  and  death.  If  we  had  a  downed  sys- 

See  McKesson,  page  28 
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Twentieth-century  datacenters  simply  weren’t  built  to  handle  the  demands  of  twenty-first 
century  business.  With  these  hardwired,  high-density  computing  environments,  we’ve  inherited 
inefficiency,  complexity  and  ever-increasing  power  and  cooling  costs.  Businesses  need  a 
new  approach.  IBM’s  New  Enterprise  Data  Center  is  a  vision  for  the  highly  efficient,  greener-by¬ 
design,  business-driven  IT  model  you’ll  need  for  tomorrow.  This  isn’t  some  far-off  theory. 
IBM  is  already  working  with  over  2,000  clients  to  help  make  this  vision  a  reality.  A  greener 
world  starts  with  greener  business.  Greener  business  starts  with  IBM. 


SYSTEMS.  SOFTWARE.  SERVICES.  FOR  A  GREENER  WORLD 

See  our  Webcast  about  greener  datacenters  at  ibm.com/green/datacenter 
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tem  and  couldn’t  figure  it  out  ourselves  pretty 
rapidly  we  needed  Tier  3  support  right  away 
We’ve  worked  those  relationships  out.  It’s  just  a 
matter  of  the  companies  behind  the  products 
maturing  in  their  business  models,  more  than 
the  technology  itself. 

Are  there  any  projects  you’ve  under 
taken  using  open  source  technologies 
that  couldn't  have  been  implemented  any 
other  way  -  from  either  a  technical  or 
practical  perspective? 

1  don’t  think  there's  anything  we  couldn’t 
have  implemented  from  a  technical  perspec¬ 
tive.  But  practically  —  meaning  within  the 
same  time  or  cost  of  delivery  windows  —  cer¬ 
tainly  Open  source  has  definitely  improved  our 
time  to  market  in  several  key  areas,  and  it’s 
improved  the  cost  of  delivery  in  several  key 
areas.  So  —  practically  yes;  technically  no. 

Have  you  encountered  any  dangers  in  using 
open  source? 

Like  any  software, you  have  to  subject  it  to  dil¬ 
igent  testing  and  add  your  own  quality  meas¬ 
ures  on  top.  I  can’t  say  that  all  the  open  source 
software  we’ve  attempted  to  use  has  been  high 
quality  But  I  don’t  think  it’s  presented  a  danger; 
more  of  a  challenge. 

To  what  extent  are  you  using  open  source 
internally  in  your  IT  organization? 

Internally  we  have  probably  15%  or  so  of 
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our  server  environment  under  Linux.  And 
we’re  constantly  standing  up  new  Linux 
servers  for  R&D.  But  in  terms  of  production 
environments  the  company  depends  on,  it’s 
modestly  penetrated. 

Is  it  growing? 

Yes,  it’s  definitely  growing.  We  were  going 
down  a  Linux  strategy  pretty  heavily  three 
years  ago  when  we  ran  into  a  pretty  good 
speed  bump  in  trying  to  scale  one  of  our 
critical  applications,  and  had  to  retrench 
and  go  back  to  a  proprietary  operating  sys¬ 
tem  to  get  the  performance  we  needed. That 
made  the  businesses  very  cautious  about 
pursuing  it  aggressively  again.  All  of  our 
experience  tells  us  that  the  maturation  has 
been  significant  since  then,  but  we’re  slow- 
rolling  it.  We  tend  to  put  newer,  lower-end 
applications  up  on  Linux  and  leave  the 
existing  apps  that  are  already  running  on 
other  systems  on  those  systems  rather  than 
undertake  the  risk  of  change. 

What  are  your  plans  for  open  source  going 
forward? 

We  continue  to  investigate  other  open 
source  offerings.  We’re  testing  out  some 
open  source  database  capabilities  that  have 
the  potential  to  replace  proprietary  data¬ 
base  offerings.  We  continue  to  extend  open 
source  platforms  in  our  infrastructure.  As 
open  source  applications  mature,  we’re 
keeping  an  eye  on  and  evaluating  the 
replacement  of  some  proprietary  applica¬ 
tions,  like  [Microsoft]  Office  for  example. 


How  is  that  evaluation  going? 

We  don’t  think  [open  source  office-produc¬ 
tivity  products  are]  quite  ready  for  an  organi¬ 
zation  of  our  size,  but  they’re  getting  close.The 
replacements  for  Word  and  Excel  and  Power¬ 
Point  are  probably  closer  than  replacements 
for  Exchange.The  email  and  calendaring  have 
a  ways  to  go,  but  the  document-based  solu¬ 
tions,  for  at  least  a  segment  of  our  user  base,  are 
getting  close.  I  don’t  want  that  to  be  portrayed 
as  we’re  ready  to  switch,  but  we're  certainly 
seeing  a  closure  in  the  gaps. 

What  do  you  think  the  future  holds  for 
the  role  of  open  source  in  the  industry  in 
general? 

It  plays  a  strong  role  in  the  future.  There  are 
some  uncertainties  about  the  revenue  model. 
In  the  end,  everything  depends  on  survivable 
solutions,  so  if  you  look  at  some  of  these  little, 
tiny  companies  that  are  trying  to  pin  a  financial 
future  to  small  code  libraries  and  such,  they’re 
going  to  find  it  difficult  to  stay  alive.  But  in  gen¬ 
eral,  it  will  mature  and  the  open  source  indus¬ 
try  probably  will  undergo  some  reorganization 
itself  through  market  forces,  not  only  around 
consolidation  but  probably  more  converged 
access  and  more  converged  common  connec¬ 
tions  or  interfaces  between  the  software. 

Expand  on  that  -  converged  access  and 
common  connections. 

If  you  look  at  the  open  source  world,  it’s  a 
collection  of  everything  from  useful  little 
applications  to  little  parts  and  pieces  used  to 
build  applications  and  operating  systems  to 
run  those  applications  on.  But  when  you  get 
out  to  the  end  of  the  application  world,  you 
have  fairly  large-scale  applications  that  are 
supporting  significant  business  processes; 
and  those  processes  need  to  connect  with 
related  business  processes.  For  example,  if  I’m 
developing  a  contract  for  a  customer,  that 
contract  has  to  connect  to  our  quoting  sys¬ 
tem,  our  contract-management  system,  our 
invoicing  system  and  the  like.  And  the  open 
source  industry  isn’t  yet  to  a  point  where  it’s 
offering  these  large-scale  applications.  So,  for 
open  source  to  mature  beyond  what  is  essen¬ 
tially  a  tools  environment,  it’s  going  to  need  to 
penetrate  the  space  that’s  presently  occupied 
by  proprietary  application  vendors.  And  that 
means  converging  some  of  these  tools  into 
larger-scale  applications  and  having  those 
applications  share  everything  from  common 
data  definitions  to  common  information- 
interchange  protocols.  Think  of  an  open 
source  SAP  or  an  open  source  Oracle 
Financials.  How  do  we  get  there?  Because 
that’s  really  where  the  business  value  is. 

Bottom  line  is  open  source  has  a  strong  and 
bright  future,  but  it’s  really  hard  to  predict  the 
direction  it’s  going  to  go  because  it’s  so  facile. 

Desmond  is  events  editor  for  Network  World 
and  president  of  PDEdit,  an  IT  publishing  com¬ 
pany  in  Southborough,  Mass.  Reach  him  at 
paul@pdedit.  com. 


Title: 

Executive  Vice  President,  CIO 

Organization: 

McKesson  Corp. 

Responsibilities: 

Globa!  technology  infrastructure  and  strategy 

Number  of  IT  staff: 

620 

Previous  jobs: 

Chief  process  officer  and  senior  vice  president  of  imaging  tech¬ 
nologies  for  McKesson's  technology  division;  general  manager  of 
McKesson  laboratory  systems  division  in  Eugene,  Ore.  Has  been 
with  McKesson,  or  companies  acquired  by  McKesson,  for  21  years. 

First  PC: 

A  CPM-based  machine  made  by  Control  Data  Corp.,  where 

Spratt  then  worked.  It  had  a  pair  of  10-inch  floppy  disks  for  stor¬ 
age,  and  what  was  then  called  a  graphics  monitor.  It  retailed  for 
$25,000,  but  the  company  paid  for  it.  "It  cost  me  an  extra  $2,000  to 
buy  a  Fortran  compiler  for  it." 

First  Internet 
experience: 

Around  1994  or  1995  at  the  University  of  Michigan,  storing  labora¬ 
tory  results  in  a  database  made  available  to  physicians  over  the 
Internet. 

Home  network: 

A  16-port  switch,  three  wireless  access  points,  eight  computers, 
three  security  stations,  a  home  media  server  for  backups  and 
media  distribution,  three  online  video  games,  a  terabyte  storage- 
area  network  and  three  network  printers  —  all  behind  a  firewall- 
based  VPN. 

Words  to  live  by: 

"We’re  judged  more  by  what  we  finish  than  by  what  we  start." 
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CARBON 
COUNTING 
FOR  BEAN 
COUNTERS. 


IBM  collaboration  software  and  services  connect  people  faster  wherever 
they  are,  which  means  less  jet  fuel,  energy  and  money.  And  IBM  software’s 
advanced  deduplication  and  data  compression  can  lower  the  energy  and 
space  costs  of  your  collaboration  infrastructure  by  up  to  half.  A  greener  world 
starts  with  greener  business.  Greener  business  starts  with  IBM. 


SYSTEMS.  SOFTWARE.  SERVICES.  FOR  A  GREENER  WORLD. 

See  tFe"  green  demo  at  ibm.com/green/collaboration 
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Going  green  with  BPM  tools 


TECH  UPDATE 

An  inside  look  at  technologies  and  standards 


LAURA  MOONEY 

It  is  clear  that  IT  is  a  key  tool  in  corporate  efforts  to  go  green.  But  while 
the  prevalent  focus  is  on  IT  power  consumption,  don’t  overlook  what 
business  process  management  (BPM)  software  can  do  to  help  you  sup¬ 
port  the  environment  while  generating  significant  cost  savings. 


Examine  these  basics: 

•  How  much  paper  —  printed  forms,  memos 
and  so  on  —  does  the  organization  consume? 

•  How  much  fuel  is  wasted  on  interoffice 
mailings  and  postal  mailings  to  customers  and 
suppliers? 

•  How  much  raw  material  is  wasted  because 
of  inefficient  manufacturing  processes? 

BPM  tools  can  help  IT  organizations  signifi¬ 
cantly  reduce  corporate  consumption  in  all 
three  areas  through  process  automation,  both 
internally  and  externally. 

Reduce  paper 

BPM  software  proves  to  be  highly  effective  in 
the  quest  to  eliminate  paper  because  it  not 
only  lets  you  create  online  forms  and  docu¬ 
ments,  it  also  lets  organizations  incorporate 
those  online  documents  into  automated 
processes  that  remove  the  need  to  manually 
route  and  track  paper.  As  a  result,  BPM  elimi¬ 
nates  the  cost  and  environmental  burden  of 
paper, while  at  the  same  time  allowing  for  more 
effective  governance  and  control. 

The  average  U.S.  office  worker  is  estimated  to 
use  a  sheet  of  paper  every  12  minutes  and  dis¬ 
pose  of  100  to  200  pounds  of  paper  every  year. 
BPM  software  can  serve  as  the  common  plat¬ 
form  for  eliminating  paper  and  automating 
processes  throughout  organizations. 

Take  the  City  of  New  Orleans.  In  2008,  it  used 
BPM  software  to  take  its  contracts  manage¬ 
ment  process  online,  automating  the  process¬ 
ing  of  more  than  $1  billion  worth  of  contracts. 
In  the  absence  of  process  automation,  each 
contract  would  have  moved  by  manila  folder 
through  eight  offices.  It  had  typically  gone 
from  one  stakeholder  desk  to  another’s 
through  inter-and  intra-office  mailings,  often 
with  inefficient  tracking  and  delivery  methods. 

Beyond  the  paper  savings  of  online  forms 
and  documents,  organizations  that  have 
aligned  BPM  with  enterprise  architecture  (EA) 
efforts  have  facilitated  the  electronic  docu¬ 
mentation  of  the  processes,  which  otherwise 
would  result  in  volumes  of  paper  being  con¬ 
sumed  and  stored.  That  lets  organizations  ere 
ate  graphical  models  of  all  processes,  com¬ 
plete  with  annotations  and  documented  inter¬ 
dependencies.  Paper  is  largely  eliminated  and 
it  becomes  easier  to  maintain  processes  and 
keep  them  current,  reducing  the  overhead  of 


ongoing  compliance  and  resulting  in  more 
accurate  “virtual  documentation.” 

Reduce  fuel  and  transport 

Reducing  paper  also  cuts  down  on  the 
amount  of  physical  transport  required  to  share 
information.  The  ability  to  complete  and  sub¬ 
mit  forms  online  eliminates  the  need  to  mail 
documents  such  as  applications  and  purchase 
orders.  In  addition,  because  BPM  allows  for  the 
automation  of  human-intensive  processes  and 
the  movement  of  mission-critical  paperwork 
online,  knowledge  workers  are  able  to  review, 
annotate  and  collaborate  online,  reducing  the 
frequency  of  business  travel.  Think  of  the  sav¬ 
ings  from  an  environmental  perspective  — 
lower  transportation  emissions,  less  fuel  usage, 
and  less  wear  and  tear  on  the  physical  infra¬ 
structure  that  supports  these  activities. 

Tetra,  a  global  manufacturer  of  aquarium 
products,  used  BPM  to  move  its  engineering 
change-request  process  online.  The  solution 
enabled  the  organization  to  not  only  elimi¬ 
nate  paper  and  costly  mail  between  offices, 
but  also  allowed  engineers,  scientists  and 
other  knowledge  workers  in  a  variety  of  loca¬ 
tions  to  collaborate  on  product  changes 
online.  Before  BPM, one  change  request  could 
include  drawings  of  50  parts  and  generate  an 
exponential  amount  of  paperwork  to  process 
the  request. 

With  BPM,  all  documentation  is  online,  and 
multiple,  geographically  dispersed  users  can 
simultaneously  review  the  product  folders  and 
subfolders. 

According  to  a  recent  Barclaycard  study,  a 
typical  business  person  will  travel  approxi¬ 
mately  7,200  miles  per  year  beyond  their  daily 
commute  —  that’s  the  equivalent  of  3. 1  tons  of 
C02  emissions  per  person,  per  year.  With  more 
than  200  million  trips  per  year  attributed  to 
business  travel  in  the  United  States,  the  total 
environmental  savings  from  reducing  travel  by 
a  modest  20%  through  online  collaboration 
and  process  automation  could  be  staggering. 

More  efficient  manufacturing 

On  the  manufacturing  front,  duplication  of 
work  and  processes  can  lead  to  excessive  costs 
and  inefficient  resource  usage.The  idea  of  lean 
manufacturing  as  a  protocol  was  originated  by 
Toyota  in  the  early  20th  century,  but  new  tech¬ 


nologies  are  letting  manufacturers  identify  pro¬ 
cess  interdependencies  and  take  a  broad  view 
of  manufacturing  process  optimization. 

Once  the  product  leaves  the  manufacturing 
floor,  process  automation  solutions  such  as 
BPM  enable  companies  to  increase  control 
over  both  internal  and  external  processes  such 
as  purchase  order/invoicing,  logistics,  and 
transportation  and  trading  partner  integration. 
Shortening  transportation  routes  by  limiting 
movement  and  resources  use  and  converting 
manual,  paper-based  procurement  and  pay¬ 
ment  processes  into  automated  electronic 
transactions  between  manufacturers,  partners, 
retailers  and  customers  leads  to  significantly 
reduced  environmental  impact. 

In  addition,  a  proper  understanding  of  your 
supply-chain  network,  related  assets  and  inter¬ 
dependent  processes  that  is  well  documented 
in  an  EA  tool  can  help  identify  and  eliminate 
duplicate  resources,  excess  overhead  or  ineffi¬ 
cient  distribution  channels.  Leveraging  a  tool 
will  enable  increased  visibility  and  analysis  — 
and  correcting  these  issues  could  eliminate 
buildings,  machinery  and  inefficient  trans¬ 
portation  routes,  all  of  which  contribute  to  a 
more  environmentally  and  economically  sus¬ 
tainable  business  model. 

Supply-chain  benchmarking  and  sustainabil¬ 
ity  efforts,  combined  with  process  automation, 
can  yield  sustainable  carbon-footprint  reduc¬ 
tions  through  more  optimized  paper  and  fuel 
consumption,  reduced  physical  overhead  and 
less  raw  material  and  resource  usage. 

Adding  it  up 

Industry  needs  to  embrace  environmental¬ 
ly  sustainable  business  practices  because  it 
is  the  right  thing  to  do  and  because  govern¬ 
ments  will  likely  force  the  issue  through  new 
regulations  and  requirements.  You  can  wait 
for  the  mandates  or  proactively  improve 
your  operations  in  ways  that  will  positively 
impact  the  environment  and  deliver  mea¬ 
surable  cost  savings  and  a  long-term  plat¬ 
form  for  sustainability. 

Implementing  a  common  technology  plat¬ 
form  for  business  process  management  and 
enterprise  modeling  will  enable  you  to  go 
green  in  more  ways  than  one. 

Mooney  is  vice  president  of  corporate  com¬ 
munications  at  Metastorm  ( www.meta 
storm.com). 


This  vendor-written  tech  primer  has  been 
edited  by  Network  World  to  eliminate  prod¬ 
uct  promotion,  but  readers  should  note  it 
will  likely  favor  the  submitter's  approach. 
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Brands  that  have  revolutionized  online 
business  have  one  thing  in  common... 


Akamai,  Enabling  the  Revolution 


BURGER  KING®  serves  over  1 1  million  guests  a  day, 
worldwide  —  in  1 1,455  restaurants  in  70  countries.  The 
performance  and  availability  of  its  online  SAP®  portal  is 
critical  to  corporate,  partner  and  franchisee  operations. 
From  ordering  buns  to  conducting  real-time  labor 
scheduling  ;o  interoffice  communications,  Akamai's 
services  have  enabled  the  'HOME  OF  THE  WHOPPER®' 
to  revolutionize  its  global  Web  applications. 


A  lot  can  happen  in  ten  years.  Especially  with 
internet  technology  that's  revolutionizing  virtually 
every  facet  of  business.  New  sales  channels.  New 
applications  and  advertising  models.  In  our  first 
ten  years,  Akamai  has  helped  the  world's  leading 
businesses  become  the  world's  leading  online 
businesses.  And  we're  just  getting  started. 


Hear  from  other  Internet  Revolutionaries  at 

www.akamai.com/customers  r  A 


«f&l|  Wolverine  Internet  radio  is  almost  good 
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Mark  Gibbs 


nternet  radio  is  big.  Pretty  much  every  “terres¬ 
trial”  radio  station  now  streams  live  and  many 
such  as  KCRW  in  Santa  Monica  (one  of  my 
all-time  favorite  radio  stations),  offer  dedicated 
news  and  specialized  music  streams.  And  then 
GEARHEAD  there’s  the  huge  number  of  Internet-only  stations, 
such  as  SomaFM  with  its  14  commercial-free, 
advertiser-supported,  incredibly  groovy  channels. 

So,  what  are  you  going  to  use  to  listen  to  this 
overflowing  smorgasbord  of  music?  Most  of  these  stations  use  such  stan¬ 
dards  as  MPEG  or  Real  Audio  streaming,  or  provide  flash-based  players, 
so  there’s  no  problem  finding  PC-  and  Mac-based  solutions. 

But  what  if  you  want  to  listen  to  Internet  radio  without  a  PC?  I’ve  cov¬ 
ered  a  few  options  in  previous  columns,  such  as  Logitech  Slim  Devices’ 
Squeezebox  Classic,  which  I  reviewed  last  year  and  which  still  is  one  of 
the  very  best  products  in  the  market  (although  at  $300,  it’s  not  cheap). 
And  this  week  I  have  a  new  entrant  into  the  dedicated  Internet  radio 
player  market:  the  World  Radio  from  Wolverine  Data  ($180). 

I  reviewed  one  of  Wolverine’s  products  a  couple  of  years  ago,  and  the 
World  Radio  is  consistent  with  the  company’s  other  products  —  that  is, 
almost  good  but  disappointing. 

The  World  Radio  sports  a  retro,  boxy  kinda  cheap  look  (that  my  wife  just 
doesn’t  like  at  all),  and  has  a  power  button;  a  home  button;  a  back  but¬ 
ton;  four  buttons  for  presets;  and  two  knobs,  one  for  volume  and  the  other 
for  scrolling,  which  you  also  press  to  select  the  currently  highlighted  entry 
on  the  puny  and  low-resolution  monochrome  display 

The  World  Radio  immediately  found  my  Wi-Fi  access  point  (the  device 
can  also  connect  via  wired  Ethernet), and  after  I  entered  my  access  code 
(the  user  interface  would  make  this  a  clumsy  process  but  the  included 
remote  solves  this  problem),  it  was  online.  I  browsed  the  stations  by  coun¬ 


tries  and  eventually  found  KCRW  and  voila!  I  was  listening!  Cool. 

That  said,  while  news  and  talk  channels  sound  fairly  good,  the  sound 
quality  for  music  channels  leaves  a  lot  to  be  desired. The  bass  is  almost 
nonexistent,  the  middle  is  flat  and  the  top  is  rather  tinny  Not  truly  awful, 
but  not  at  all  good. 

The  World  Radio  also  can  play  music  via  Windows  Media  Player  1 1 
running  on  your  PC  (tough  luck  to  you  OS  X  users). 

So,  does  the  World  Radio  have  issues?  You  betcha.The  user  interface 
is  poor.  The  low  resolution  of  the  display  and  its  poor  organization 
make  it  clumsy  but  the  slowness  and  lack  of  responsiveness  are  what 
really  irritated  me.The  World  Radio  also  gets  confused  and  when  con¬ 
fused,  it  just  sits  there  and  does  nothing.  The  only  answer  is  to  unplug 
it,  plug  it  back  in,  then  switch  it  on  again.  In  fact,  that  is  the  same  prob¬ 
lem  I’ve  had  with  other  products  (such  as  the  Sony  Reader)  that  try  to 
replace  traditional  devices:  If  you  want  to  replace  a  radio  or  a  book 
you  can’t  deliver  something  more  complicated  unless  you  add  a  huge 
amount  of  value  —  and  it  is  there  that  the  World  Radio  and  the  Sony 
Reader  simply  don’t  cut  it. 

There  are  more  issues  with  the  World  Radio, such  as  the  weird  and  use¬ 
less  Web  interface  and  the  clumsy  bundled  vTuner  service  (this  provides 
Internet-based  selection  of  channels  for  your  unit), but  here’s  the  bottom 
line:  The  World  Radio  isn’t  completely  awful,  it  is  just  lame  and  buggy  I 
was  impressed  initially  but  with  experience  the  World  Radio  is  simply 
disappointing.  I’ll  give  it  a  2  out  of  5. 

Oh,  and  on  the  Wolverine  Web  site,  don’t  believe  the  simulations  of  the 
World  Radio  user  interface:  The  real  one  isn’t  in  color,  it  doesn’t  have 
nice  fonts  and  it  doesn’t  work  that  fast.Tut,  tut,  tut. 

Will  Gibbs  get  over  his  disappointment  in  Ventura,  Calif?  He  will  if  you 
tell  him  what  devices  have  disappointed  you  at  gearhead@gibbs.com. 
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Lessons  learned 
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COOL 


n  page  34  is  our  annual  “Cool  Yule  Tools” 
holiday  gift  guide,  in  which  we  present  our 
favorite  tech  gift  ideas  for  the  holiday  sea¬ 
son.  For  nine  years,  I’ve  coordinated  the  pro¬ 
duction  of  the  guide,  which  involves  many 
hours  of  testing  products  to  make  sure  they 
have  the  Network  World  Cool  Yule  Elves  seal  of 
approval.  I  lere  are  five  things  I  learned  this  year: 

Analog-todigital  conversion  is  hot.  This  seems 
to  be  the  year  of  taking  old  media  formats  (vinyl  albums,  cassette  tapes, 
old  VCR  tapes)  and  converting  them  to  digital.  If  you’ve  got  bunches  of 
“older”  media  sitting  in  boxes,  there  are  several  gadgets  that  let  you  dig¬ 
itize  them  into  electronic  bits. 

The  iPhone  still  rocks.  I’m  a  big  fan  of  the  Apple  iPhone  3G,  but  an 
even  bigger  fan  of  the  App  Store  and  the  multitudes  of  applications 
being  developed  that  turn  this  mobile  device  into  an  even  more  valu¬ 
able  tool.  In  addition,  the  number  of  iPhone  and  iPod-related  acces¬ 
sories  continue  to  astound  me  —  such  great  devices  as  Griffin  Technol¬ 
ogy’s  AirCurve  and  Belkin’s  RockStar. 

Simple  really  is  better.  I  was  much  more  impressed  and  encouraged 
by  products  that  did  one  or  two  things  really  well,  rather  than  trying  to 
tackle  a  bunch  of  complicated  features  and  bundle  them  into  one  big 
package  (other  than  Epson’s  fine,  multifunction  Artisan  800  printer).  I’m 
always  happy  to  see  manufacturers  that  think  about  ease  of  use  in  their 
products,  because  it  means  that  my  nontechie  friends  won’t  be  bother¬ 
ing  me  for  tech  support  when  1  give  them  a  tech  gift. 

I  always  bite  off  more  than  I  can  chew.  The  goal  of  our  gift  guide  is  to 
span  the  universe  of  technology  products  to  try  to  present  the  best  of 
the  best.  I  always  end  up  with  more  products  than  I  can  test  and  write 
about  (until  I  perfect  either  the  cloning  device  or  time  machine).  Fort¬ 
unately  we  have  a  few  more  weeks  before  the  holidays, so  stay  tuned  in 


in  the  holiday  gift  guide 


this  space  and  online  for  more  reviews  and  gift  ideas  as  I  catch  up  from 
the  onslaught  of  product  submissions. 

Don’t  let  your  art  department  talk  you  into  posing  as  rock  stars.  OK,  I’ll 
admit,  it  was  fun  getting  dressed 
up  as  Slash  from  Guns  N’  Roses 
for  the  photo  shoot.  The  Elvis 
costume,  on  the  other  hand,  was 
a  bit  snug.  Looks  like  I’ll  have  to 
break  out  my  Wii  Fit  again. 


Shaw  can  be 
reached  at  kshaw 
@n  ww.com.  Cool 
Tools  videos  and 
Twisted  Pair  pod¬ 
casts  available  at 
www. network 
world.com. 
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STUFF 


HAPPENS. 


No  matter  where  you  are 
or  what  you’re  doing,  something  or 
someone  can  compromise  your  DNS. 
Be  the  first  to  know  about  your  domain 
or  email  problem,  especially  when 
your  business  depends  on  it. 

■1  DNSstuff.com 


Alert  services  that  work  for  you 
24/7/365 

DNSalerts  (domain  monitoring) 
RBLalerts  (email  blacklist  monitoring) 

■  Put  our  alerts  to  the  test  -  FREE! 
Select:  Promo  Pack  |  Alert  Combo  2  month 
Coupon  code:  NWWALERT 


•axiom 


BY  KEITH  SHAW  AND  THE  COOL  YULE  ELVES  (AND  ONE  COOL  YULE  ELVIS) 


Cool  gadgets  are  back.  A  year  after  the  iPhone  overshadowed  every¬ 
thing  else,  consumer  electronics  manufacturers  have  kicked  it  up  a 
notch  —  this  year’s  offerings  in  the  high-tech  holiday  gift  space  are 
roc  kin.’ 


Taking  our  cue  from  two  of  the  hottest  video  games  (Rock  Band  2  and 
Guitar  Hero  World  Tour),  we  chose  holiday  gifts  that  rocked  the  house. 
Whether  a  hot  new  notebook  or  a  wicked  cool  iPod  speaker  system,  the 
gifts  on  the  following  pages  all  have  one  thing  in  common  —  they 
rocked  during  our  tryouts. 


So  sit  back,  relax  and  enjoy  the  music  as  you  peruse  this  year’s  guide. 
For  an  encore,  head  online  (www.nwdocfinder.com/7433)  to  see  our 
holiday  gift  suggestions  that  all  will  make  you  feel  like  a  rock  star. 


mStation  2.1  Stereo  Tower  (opposite  page)  $299.95 
This  may  not  be  the  world's  largest  iPod  speaker  system, 
but  it  certainly  comes  close.  The  speaker  system  has  100 
watts  of  stereo  sound  with  a  5.25-inch  dedicated  sub¬ 
woofer,  and  six  docking  cradles  for  various  iPod  audio 
players.  A  10-key  remote  control  and  the  ability  to  syn¬ 
chronize  via  iTunes  (a  USB  cable  connects  to  your  com¬ 
puter)  make  this  a  great  speaker  system  for  an  office,  liv¬ 
ing  room  or  home  entertainment  area. 


Axiom  M3-V2  Bookshelf  Speakers  (above)  $330  per  pair 
These  are  one  of  the  best  values  in  bookshelf  speakers 
today.  With  a  crisp  and  balanced  sound,  a  6.5-inch  alu¬ 
minum  woofer  and  1-inch  titanium  tweeter,  these  would 
be  perfect  for  people  in  the  market  for  music  or  home 
theater  speakers. 
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Solutions 


Collaboration 


Delivery 


Support 


Billing 


A  S  i/ytjp/e. 

and  a£ttactiv<° 

invoicing  /yjod&f 


Stova  Wong,  CIO,  Paul  Hastings 

&X peitt  / 


At  Paul  Hastings,  a  globally-recognized  law  firm  with  1,200  attorneys  and  18  offices  worldwide,  timely  and 
accurate  communication  of  information  is  a  24/7/365  priority.  Enter  MASERGY,  with  a  redefined  approach  to 
global  networking.  Through  a  passionate  dedication  to  the  customer  experience,  our  proven  IP  MPLS  network  offers  flexible 
solutions,  responsive  collaboration,  seamless  global  delivery,  proactive  support  and  simplified  billing. 

And  in  the  case  of  CIO  Stova  Wong,  our  unique  solutions  and  billing  models  bring  a  welcome  sense  of  comfort. 


<e/?d<£  CLMSlti o/yje-t  -Acxl 
cj/ oAd/  /? S<o/ <0/7,5 


^ MASERGY 

Global  Networking  Redefined 


1.866. MASERGY  |  masergy.com 
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Observer's  Application  Analysis 

Application  performance  management  is  an  important  part  of  your  day-to-day  business  operations— and  it's 
an  integral  part  of  the  Network  Instruments®  solution  set.  Standard  in  our  Observer®  line  of  network  analysis 
products,  our  application  analysis  capabilities  give  you  a  depth  and  detail  unique  in  the  industry.  And  because 
we  don't  charge  separately  for  application-layer  visibility,  our  solution  provides  a  value  not  found  elsewhere. 
At  Network  Instruments,  we  understand  it's  all  in  the  details. 

Ensure  application  uptime  and  productivity  with  Observer. 


HETWOm 

INSTRUMENT 


Learn  more  today.  1-800-526-6077 
www.Networklnstruments.com/depth 


©  2008  Network  Instruments,  LLC.  All  rights  reserved.  Observer,  Network  Instruments,  and  all  associated  logos 
are  trademarks  or  registered  trademarks  of  Network  Instruments,  LLC. 
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Instantly  Search 
Terabytes  of  Text 

♦  dozens  of  indexed, 
unindexed,  fielded  data 
and  full-text  search 
options  (including 
Unicode  support  for 
hundreds  of 

international  languages) 

♦  file  parsers  /  converters 
for  hit-highlighted 
display  of  all  popular 
file  types 

♦  Spider  supports  static 
and  dynamic  web  data; 
highlights  hits  while 
displaying  links, 
formatting  and  images 
intact 

♦  API  supports  .NET,  C++, 
Java,  databases,  etc. 
New  .NET  Spider  API 


The  Smart  Choice  for  Text  Retrieval®  since  1991 


♦  "Bottom  line:  dtSearch  manages  a  terabyte  of  text  in  a 
single  index  and  returns  results  in  less  than  a  second" 

-  InfoWorld 

♦  "For  combing  through  large  amounts  of  data,"  dtSearch 
"leads  the  market"  -  Network  Computing 

♦  dtSearch  "covers  all  data  sources  ...  powerful  Web-based 
engines"  -  eWEEK 

♦  dtSearch  "searches  at  blazing  speeds"  -  Computer  Reseller 
News  Test  Center 


Desktop  with  Spider 
Network  with  Spider 
Publish  for  CD/DVDs 
Web  with  Spider 

w  Win  &  .NET 


for  Linux 


Instantly  Seareh 
TerabytesofText 


See  www.dtsearch.com  for  hundreds  more  reviews, 
and  hundreds  of  developer  case  studies 


Contact  dtSearch  for  fully-functional  evaluations 


asm 


1-800-IT-FINDS  •  www.dtsearch.com 


NetSinf 


NETWORK  SIMULATOR 


C  C  E  N  T®  I  C  C  N  A®  I  CCNP® 


NetSim  Provides: 


» 


» 


» 


Hands-on  training 
without  the  hardware 

Guided  labs  to  help 
you  learn  the  technology 

Ability  to  build  and 
test  your  own  network 


Get  Started  Learning  Today! 


CUSTOMIZED 

POWER  &  MONITORING  SOLUTIONS 


QUALITY  ASSURED 


Geist  products  are  built  to  order  and  made  in  the  USA.  We  use 
one  piece  flow  and  in-process  quality  inspection  to  guarantee 
each  unit  is  individually  examined.  Geist  operates  a  state-of-the-art 
testing  lab,  supervised  by  an  in-house  conformance  engineer.  By 
having  this  facility  within  Geist,  we  are  able  to  ensure  regulatory 
compliance  for  all  of  our  products  including  custom  units. 


Get  started  creating  your  ideal  power  and  monitoring  solution 


800-432-3219  ~ 

www.  geis  tmf  g .  cam 
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Beamz  $399 

Cine  of  this  year's  most  unusual  devices 
is  beam/,  a  W-shaped  piece  of  hardware 
that  lets  you  create  music  by  waving 
your  hands  over  some  laser  beams.  With 
software  residing  on  a  connected  PC,  the 
beamz  responds  to  a  performer’s 
motions  to  create  a  musical  perform¬ 
ance.  It’s  a  lot  like  air  guitar,  but  with 
additional  instruments  —  and  it  doesn't 
make  you  look  foolish.  The  system 
comes  with  30  original  pieces  in  musical 
genres  including  rock,  jazz,  reggae,  hip 
hop  and  classical.  More  songs  can  be 
purchased  online. 


1  * 


Logitech  Squeezebox  Boom  $300 
This  very  nice  all-in-one  system  (net¬ 
worked  media  player,  30-watt  digital 
amplifier  and  speakers)  enables  users  to 
access  tons  of  music  over  a  home  net¬ 
work.  Connected,  the  Squeezebox  Boom 
links  to  music  stored  on  a  PC  hard  drive, 
or  goes  out  to  the  Internet  to  access 
Internet  radio  and  online  music  services. 


Belkin  RockStar  $19.95 
Our  rock-star  holiday  guide  has 
to  include  a  device  called  Rock- 
Star.  The  star-shaped  device  has 
five  audio-input  jacks  for  head¬ 
phones,  as  well  as  an  input  jack 
to  connect  an  iPod,  iPhone  or 
other  audio  player.  When  head¬ 
phones  (or  speakers)  are  con¬ 
nected  to  the  other  prongs  on 
the  RockStar,  multiple  users  can 
listen  to  the  single  audio  device. 


''^attrvctvr 


Wirsteji 


Apple  iPhone  3G  with  Otterbox 
Defender  case  $300  for  iPhone, 


$49.95  for  Otterbox  case 
We  would  be  remiss  if  we  didn’t  mention  the 
iPhone  3G  in  this  guide  —  we’ve  written  a 
lot  about  this  device  over  the  last  year,  so 
adding  more  plaudits  seems  like  overkill. 

But  we  also  want  to  mention  our  favorite 

case  for  the  iPhone  3G,  the  very  protective  Otterbox  Defender.  Not  only  does  the 
hard  plastic  case  protect  the  iPhone  from  drops  and  scratches,  but  the  silicone 
skin  provides  additional  protection  from  bumps  and  shocks,  and  a  thin,  clear 
membrane  covers  the  touchscreen  to  help  prevent  scratches. 


WowWee  RS  Tri-bot  $99 

The  latest  model  in  WowWee’s  Robosapian  line  of  robotic  toys,  the  Tri-bot  has  a 
Pee-wee  Herman-like  personality  and  radio  control  car-like  speed  —  it  can  cover 
more  ground  and  crack  more  wise  than  any  previous  WowWee  model.  The  robot 
includes  an  omni-directional  three-wheeled  base,  blinking  LED  eyes  and  a  guard 
mode  that,  when  triggered,  causes  it  to  whoop  and  flash  erratically. 


SIhiiv  can  be  reached  at  kshaw@nww.com 


Our  Rock  and  Roll  Fantasy  continues 
at  www.nwdocfinder.com/7433 , 

where  you  can  peruse  more  than  100 
other  holiday  gift  ideas  for  the  rock- 
star  techie  on  your  list.  Be  sure  to 
watch  videos  of  some  of  our  favorite 
gifts,  as  well  as  a  special  Rock  Band  2 
performance  by  Keith  Shaw. 


Photography  by  Steven  Vote,  hair  and  makeup  by  Tammy  O  'Connor 


Special  thahks  to  our  Cool  Yule  Elves:  Brian  Wood,  Kevin  Konikowski,  Stephanie 
Crivvllp,  Cheryl  Crivello,  Neal  Weinberg,  Tim  Greene,  Jason  Meserve,  Prashanth 
Menon,  Daniel  Hunt,  Craig  Mathias. 
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How  Do  You  Distribute 
Power  in  Your  Data 
Center  Cabinet? 


With  Sentry  CDU  Products! 

Basic,  Metered,  Smart  &  Switched 


3c 


.  H 


-0 
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i 
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Server  Technology 

Solutions  for  the  Data  Center  Equipment  Cabinet 

Basic  CDU 

>  Reliable  &  Economical 

Metered  CDU 

>  Local  Input  Current  Monitoring 

>  Simple  3-Phase  Load  Balancing 

Smart  CDU 

>  Local  Input  Current  Monitoring 

>  Supports  External  Temp.  &  Humidity  Probes 

>  Secure  IP  &  Serial  Monitoring  of  Power, 
Temperature  &  Humidity 

Switched  CDU 

>  Local  Input  Current  Monitoring 

>  Supports  External  Temp.  &  Humidity  Probes 

>  Secure  IP  &  Serial  Monitoring  of  Power, 
Temperature  &  Humidity 

>  Remote  Power  Control  for  Each  Outlet: 
ON/OFF/Reboot  with  Graceful  Server  Shutdown 

>  Smart  Load  Shedding 

>  kW  per  In-Feed,  Per  Cabinet,  or  Per  Square  Feet 


©Server  Technology,  Inc.  Sentry  is  a  trademark  of  Server  Technology,  Inc. 


Server  Technology,  Inc. 

1040  Sandhill  Drive  tf  +1.800.835.1515 

Reno,  NV  89521— USA  tel  +1.775.284.2000 

www.servertech.com 
www.servertechblog.com 


fax  +1.775.284.2065 
sales@servertech  .com 
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SENSAPHONE® 

REMOTE  MONITORING  SOLUTIONS 

Monitor  the  REST  of 

— — - 

+# .  Your  Computer  Room! 


Physical  Security 
Video 

Temperature 
Power  Problems 
Water  on  the  Floor 
Humidity 
Smoke  and  Fire 
And  much  more 


Instant  Notification  by  Phone  or 
E-mail  when  events  threaten  your 
_ Infrastructure.  _ 


New  solutions  starting 
at  under  SI ,000 

Dealers  Wanted 

Contact  us  today  to  discuss  your  application 


www.ims-4000.com 


877-373-2700 


•Supports  10/100/1000 

•  Stream  into  two  different  devices 

•  Rack  mount  up  to  three  across 

•  Supports  all  commercial  analysis  systems 

•  Also  works  with  open-source  tools 


Buffer  options: 

256  MB . 

512  MB . 


NEW! 


$1,295 

$1,795 

$2,195 


Learn  more.  Visit  www.networkTAPs.com. 


Choose  from  a  variety  of  configurations,  options,  and  pricing.  Plus  a 
complete  line  of  copper  and  optical  nTAPs  for  full-duplex  analyzer  systems 
Free  overnight  delivery* 

www.networkTAPs.com  •  1 -866-GET  wTAP 


Dp  ^  £  4siA  fjT 

1  ^  ^  ^  ''-y  7  ''  -Free  overnight  delivery  on  all  U^.  ordei s  uve,  $295  conftm.cd  before  12  p  n  <>+  '  ■■ 

©  2008  Network  Instruments,  UC.  nTAP  and  all  associated  logos  are  trademarks  or  registered  trademarks  of  Network  Insmime i.  ' 


NEWS  ANALYSIS 


Contracts 

continued  from  page  1 

telecom,  outsourcing  and  maintenance  com¬ 
panies,  Catalini  says.  Salespeople  are  under 
pressure  to  record  sales  in  2008,  so  there’s  also 
an  opportunity  to  get  larger-than-usual  dis¬ 
counts  if  an  enterprise  is  willing  to  buy  a  prod¬ 
uct  earlier  than  it  had  planned,  he  says. 

With  a  signed  contract,  a  customer  typically 
has  to  give  up  something  to  get  a  discount.This 
often  means  extending  the  contract  in  ex¬ 
change  for  lowering  the  annual  fees. 

Simonds  International  in  Fitchburg, 

Mass.,  has  achieved  cost  savings  by 
renegotiating  contracts  with  disaster- 
recovery  ERf?  phone  and  WAN  ven¬ 
dors,  says  CIO  Susan  Kifer. 

Key  in  her  negotiations  is  honesty 
says  Kifer,  who  also  is  a  SIM  member. 

The  cutting-tool  manufacturer  is 
struggling  because  of  the  declining 
housing  market,  a  fact  she  is  quick  to 
point  out  to  vendors.  “Everyone 
understands  what’s  going  on  in  the 
housing  market.  We  need  to  lower 
our  costs  in  order  to  remain  viable. 

For  us,  that’s  an  honest  statement,” 
she  says. 

Simonds  had  a  three-year  contract  for  a  ro¬ 
bust  high  availability  disaster-recovery  service 
that  cost  $60,000  a  year.  About  a  year  ago,  “the 
vendor  worked  with  me  to  provide  a  backup 
service  that  was  not  [high  availability]  but  was 
adequate  and  lowered  our  cost  to  $30,000  for 
the  remaining  two  years  of  the  contract,”  Kifer 
says.The  vendor  was  flexible  in  part  because  it 
also  sells  servers  to  Simonds  and  wants  to 
maintain  a  strong  relationship,  she  says. 

Kifer  also  targeted  ERP  annual  licensing, 
negotiating  about  a  10%  discount  in  exchange 
for  a  three-year  contract  renewal.  That  was 
about  two  and  a  half  years  ago  and  she  is  rene¬ 
gotiating  again, she  says. 

With  Simonds’  phone  and  WAN  vendor,  Kifer 
renegotiated  with  about  six  months  left  on  the 
contract.  She  went  through  a  full  RFR competi¬ 
tive-bid  process,  which  helped  convince  the 
existing  vendor  to  lower  pricing.  “Not  every¬ 
body’s  willing  to  [renegotiate],” she  says.“We 
have  found  if  we  have  a  longstanding  relation¬ 
ship  [with  a  vendor]  they  have  been  willing  to 
help  us  through.” 

Despite  Kifer’s  success,  renegotiating  con¬ 
tracts  is  extremely  difficult,  Gartner  analyst 
Jane  Disbrow  says.  “I  cover  Oracle  and  SAP 
Both  of  those  companies  are  very  very  difficult 
to  deal  with  when  it  comes  to  taking  partial 
licenses  off  the  board,” she  says.They  fight  very 
hard  against  customers  coming  back  and  try¬ 
ing  to  reduce  maintenance  and  support.  It 
used  to  be  you  could  just  drop  support.” 

A  decade  ago, dropping  support  for  a  particu¬ 
lar  product  was  as  simple  as  writing  a  letter, 
Disbrow  says.  Today  vendors  are  more  likely  to 
take  an  all-or-nothing  stance.  If  you  have  bought 
five  products  from  a  vendor  and  want  to  drop 
support  on  one,  the  vendor  will  insist  that  you 


either  maintain  support  on  all  five  or  stop  get¬ 
ting  support  entirely  she  says.  ‘A  lot  of  these 
companies  have  ended  up  with  shelfware,  pro¬ 
ducts  they’ve  never  used  and  never  put  into 
production,”  she  says. “The  vendors  are  just  not 
cooperating.” 

IBM  is  wary  of  renegotiating  contracts  with 
customers, says  its  software  chief  Steve  Mills.“In 
general,  no,”  he  says  when  asked  if  IBM  is  will¬ 
ing  to  renegotiate  contracts.  “But  you  have  to 
get  down  to  the  specifics  of  what  the  client  sit¬ 
uation  is.” 

If  customers  say  a  product  is  not 
working  out,  IBM  tries  to  help  them 
make  better  use  of  the  technology 
or  use  it  in  a  different  way  to  gain 
more  value  from  it,  Mills  says.  “Our 
response  is  not  ‘let’s  lower  your  bill.’ 
It’s  ‘let  us  come  up  with  more  cre¬ 
ative  ways  to  use  the  equipment  we 
have”1  he  says. “We’re  not  inflexible 
in  that  context  but  we’re  also  not  giv¬ 
ing  customers  their  money  back.” 

Mills  says  he  hasn’t  noticed  any 
increase  in  customers  wanting  to 
renegotiate  contracts. 

Today’s  economic  conditions 
could  make  it  harder  to  renegotiate 
signed  deals,  but  customers  look¬ 
ing  to  spend  money  should  be  able  to  get  a 
great  price,  Gartner’s  Disbrow  says.“Certainly  it 
is  a  buyer’s  market.  If  you’re  negotiating  a  new 
deal,  credible  competition  is  your  primary 
leverage,”  she  says.  “Right  now,  Oracle  and  SAP 
can’t  stand  each  other.They’ll  discount  tremen¬ 
dously  to  keep  the  other  company  from  win¬ 
ning  that  deal.” 

Some  users  negotiate  contracts  on  their  own, 
but  enterprises  also  can  hire  expert  negotiators 
to  help  them  through  the  process.  Illinois  attor¬ 
ney  Sam  Conforti  negotiates  contracts  and 
writes  a  blog  on  software  licensing. The  ability 
to  renegotiate  software  maintenance  and  sup¬ 
port  fees  has  been  hindered  by  vendors  not 
offering  the  option  to  “park  users,”  he  says. 

ERP  vendors,  for  example,  used  to  let  cus¬ 
tomers  reduce  their  user  counts  for  specified 
periods  of  time,  usually  not  more  than  12  to  24 
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months,  Conforti  says.  This  occasionally  was 
done  in  the  early  part  of  this  decade,  but  is  not 
an  option  with  ERP  vendors  today  he  says. 

“We  could  ponder  if  such  a  mechanism  will 
be  allowed  again  by  the  ERP  vendors,” Conforti 
says.  “This  may  depend  on  how  bad  the  eco¬ 
nomic  conditions  are  and  how  long  they  per- 
sist.The  original  intent  was  to  temporarily  help 
out  a  customer  experiencing  economic  hard¬ 
ship,  not  to  allow  a  revolving  door  for  ERP  cus¬ 
tomers  to  turn  users  on  and  off  during  normal 
seasonal  or  business-cycle  downturns.” 

In  a  worsening  economysome  customers  are 
taking  longer  to  pay  money  they  owe  from 
contracts  negotiated  in  better  financial  times. 

CRM  vendor  RightNow  Technologies  recently 
reported  losing  revenue  because  of  “lengthen¬ 
ing  of  payment  terms  and  slower  cash  collec¬ 
tions,”  according  to  Goldman  Sachs. 

Contracts  typically  have  cash  penalties  for 
non-payment,  AMR’s  Brown  notes.  Getting  relief 
from  expensive  contracts  is  tough  for  small  cus¬ 
tomers.  If  you  lack  clout,  have  signed  an  iron¬ 
clad  contract  and  don’t  have  a  great  relation¬ 
ship  with  the  vendor, “you  could  end  up  yelling 
at  each  other  and  that’s  the  end,”  he  says. 

The  key  for  customers  is  to  call  the  vendor, 
state  your  case  in  business  terms  and  act  pro¬ 
fessional,  Brown  says.  There  has  to  be  some 
give-and-take,  with  each  side  giving  up  some¬ 
thing.  “This  is  about  business.This  isn’t  person¬ 
al.  Where  people  get  into  trouble  is  they  make 
it  personal,”  he  says. 

In  today’s  economy  many  vendors  are  ready 
to  be  flexible,  Catalini  says.“The  good  ones  are 
expecting  my  call,”  he  says.  “They’re  prepared 
for  the  discussion,  they  are  willing  to  be  flexi¬ 
ble  and  act  as  my  partner”  On  the  other  hand, 
“I’ve  had  some  that  are  not  really  offering  a  lot 
of  flexibility  We  don’t  necessarily  have  a  lot  of 
leverage  in  those  cases,”  he  says. 

If  dropping  support  for  a  product  is  an 
option,  sometimes  it’s  worth  the  risk,  Kifer  says. 
“I  self-provide  a  spare  router  for  example  and 
don’t  pay  maintenance  on  my  other  remote- 
site  routers. We  can  get  them  back  up  and  run¬ 
ning  next  day  and  we’ve  decided  that  is  good 
enough,”  she  says.B 
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Will  white  spaces 

My  problem  with  broadband?  It’s  the  lack 
of  real  choice.  Currently  what  we  have  is 
the  kind  of  “choice”  offered  by  fast  food 
companies  that  try  to  persuade  you  that  you 
can  have  it  your  way  when  the  choice  is  little 
more  than  with  or  without  onions. 

What  I’m  talking  about  is  real  choice,  the  kind 
of  choice  that  shows  that  the  world  of  com¬ 
merce  is  a  level  playing  field,  not  just  a  case  of 
he  who  has  the  most  money  gets  to  squeeze  the  market  dry 
I  have  complained  many  times  about  the  lack  of  choice  in  Internet 
access,  and  people  have  argued  that  if  you  can  switch  service 
providers  there  is  choice.  I  contend  that  when  switching  is  painful  — 
when  there  are  penalties  or  delays  or  other  impediments  —  then 
choice  is  illusory 

To  foster  an  Internet  connectivity  marketplace  with  real  choice  we 
need  a  broader  playing  field  with  low  entry  barriers  so  there  are 
more  competitors. 

The  FCC  has  just  taken  what  could  be  a  step  forward  by  approving 
the  use  of  “white  spaces”  as  an  alternative  for  Internet  access. 

White  spaces  is  the  term  for  the  radio  spectrum  that  will  be  vacated 
next  February  when  the  FCC  mandates  that  analog  television  broad¬ 
casters  transmitting  from  54MHz  to  806MHz  go  digital  and  restrict  their 
transmissions  to  the  54MHz-to-698MHz  range.That  frees  up  a  band 
208MHz  wide,  which  is  a  lot  of  radio  capacity  just  to  have  lying  around. 

Commerce,  just  like  nature,  abhors  a  vacuum, so  into  this  opportunity 
stepped  a  consortium  of  power  players,  namely  Microsoft,  Google,  Dell, 
HRIntel,  Philips,  EarthLink  and  Samsung  Electro-Mechanics  calling 
themselves  the  White  Spaces  Coalition. 

The  coalition’s  proposal  is  to  use  the  white  spaces  for  wireless 


BACKSPIN 


Mark  Gibbs 


mean  more  net  choices? 

Internet  connectivity  that  will  start  at  10Mbps  and,  in  short-range  appli¬ 
cations,  may  achieve  50M  to  100Mbps. 

Of  course  vested  interests  —  such  as  television  companies,  the 
National  Association  of  Broadcasters  and  companies  that  sell  wireless 
audio  systems  —  argued  that  allowing  unlicensed  use  of  these  fre¬ 
quencies  would  compromise  the  integrity  of  their  transmissions.  After 
an  18-month  study  the  FCC  concluded  these  naysayers  were  full  of  it, 
so  on,  Nov  4,  U.S.  election  day  the  FCC  voted  unanimously  to  allow  unli¬ 
censed  use  of  approved  devices  operating  in  the  white  spaces. 

Backing  up  the  blandishments  of  the  coalition  has  been  a 
diverse  group  that  includes  the  Free  Press,  the  National 
Organization  for  Women,  Feminist  Majority,  Leadership  Conference 
on  Civil  Rights,  Consumers  Union,  Consumer  Federation  of  Ame¬ 
rica,  Public  Knowledge,  Media  Access  Project,  MoveOn.org,  U.S. 
Public  Interest  Research  Group,  Common  Cause  and  the  Center 
for  Media  Justice. 

I  find  this  fascinating.  Just  consider  how  often  powerful  lobbies  man¬ 
age  to  pervert  policies  and  programs  that  potentially  would  be  valu¬ 
able  to  society  into  windfalls  for  a  small  number  of  commercial  or 
political  concerns.  And  yet,  this  landmark  decision  could  end  up  giving 
consumers  and  small  businesses  in  areas  without  broadband  access  a 
mainstream  route  to  the  Internet  and  weaken  the  vice-like  grip  that  the 
major  ISPs  have  on  the  existing  market. 

The  question  is,  will  white-spaces  Internet  access  become  what  all 
the  noncoalition  supporters  hope  for,  or  will  it  wind  up  being  a  gravy 
train  for  the  coalition  members  and  ultimately  provide  a  wider  range 
of  nonchoices? 

Gibbs  has  his  doubts  in  Ventura,  Calif.  Share  your  uncertainties  with 
backspin@gibbs.  com. 


’Net  teaches  print  another  lesson 
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How  thoroughly  has  the  Internet  come  to 
torment  the  dying  industry  that  is  print 
newspaper  publishing? 

So  thoroughly  that  even  a  rare  moment  in  the 
sun  for  print  last  week  was  overshadowed,  at 
least  in  part,  by  the  800-pound  online  gorilla. 

Perhaps  you  saw  the  reports:  Newspapers 
nationwide  couldn’t  spin  their  ancient  presses 
fast  enough  to  crank  out  extra  copies  and  spe- 
cial  editions  trumpeting  the  news  that  Barack 
Obama  had  been  elected  president. Television  news  aired  images  of 
people  literally  lining  up  around  the  Washington  Post  building  to  buy 
a  piece  of  history  printed  on  dead  trees. 

Impressive,  sure  —  but  how  20th  century. 

Meanwhile,  mere  hours  later,  sellers  on  eBay  were  asking  $400  for  a 
single  copy  of  that  day’s  New  York  Times  (by  the  next  morning,  market 
saturation  had  knocked  that  price  down  to  about  $100).  Lesser  but  still 
substantial  sums  were  being  offered  for  keepsake  editions  of  lesser 
but  still  substantial  metro  dailies. 

So  in  essence,  you  have  the  ink-stained  wretches  doing  all  the  pro¬ 
duction  work  and  collecting  all  the  grubby  little  quarters  from  those 
lines  of  loyal  readers/speculators  —  then  watching  the  real  money 
change  hands  online. 

Still,  considering  all  the  abuse  heaped  upon  newspapers  these  days, 
it  was  nice  to  see  them  bask  in  a  bit  of  reflected  glory  from  Obama’s 
historic  accomplishment. They,  of  course,  will  be  happy  about  the 
additional  revenue,  however  modest  it  may  look  in  comparison  with 
the  go-go  aftermarket  on  eBay. 

But  there  were  indications  that  the  print  barons  still  don’t  know 
what’s  hitting  them: “This  kind  of  demand  for  our  newspapers  is  unlike 
anything  we’ve  experienced  in  recent  historyf said  one  newspaper 


executive.“This  is  a  clear  demonstration  that  people  continue  turning 
to  their  local  newspaper  to  help  them  understand  and  interpret  the 
news  of  the  day,  and  that  is  especially  true  when  big  events  happen.” 

No,  this  is  a  clear  demonstration  that  readers  cannot  stash  a  Web  site 
in  a  keepsake  drawer. 

And  it  only  gets  worse 

This  will  seem  blindingly  obvious  to  my  fellow  political  junkies  but 
may  surprise  those  who  lead  more  well-rounded  (dare  I  say  normal?) 
lives:  The  Internet  has  surpassed  newspapers,  and  trails  only  television 
as  the  primary  source  of  political  news  for  most  Americans,  according 
to  a  recent  report  from  Pew  Research. 

In  addition,  the  percentage  of  Americans  who  say  they  receive  most 
of  their  political  news  from  the  Internet  has  more  than  tripled  —  from 
10%  to  33%  —  in  only  the  past  four  years.  Meanwhile,  those  saying  the 
same  of  television  and  newspapers  has  remained  largely  unchanged. 

From  Pew:“Not  surprisingly  the  Internet  is  a  considerably  more  popu¬ 
lar  source  for  campaign  news  among  younger  Americans  than  among 
older  ones.  Nearly  three  times  as  many  people  ages  18  to  29  mention 
the  Internet  as  mention  newspapers  as  a  main  source  of  election  news 
(49%  vs.  17%).  Nearly  the  opposite  is  true  among  those  over  age  50: 
Some  22%  rely  on  the  Internet  for  election  news,  while  39%  look  to 
newspapers.  Compared  with  2004,  use  of  the  Internet  for  election  news 
has  increased  across  all  age  groups.  Among  the  youngest  cohort  (ages 
18  to  29), TV  has  lost  significant  ground  to  the  Internet.” 

In  other  words,  television  news  executives  ought  not  be  snickering 
about  the  plight  of  their  print  publishing  brethren. 

Think  about  where  these  trends  will  have  taken  us  by  the  next  time 
we  elect  a  president. 

Feel  free  to  share  those  thoughts,  too.  The  address  is  buzz@nww.com. 
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